CVE-2025-41345

Summary

A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameters 'id_denuncia' and 'id_user' in '/backend/api/buscarDenunciasById.php'.

Affected Software

VendorProductVersion RangeStatus
CanalDenunciaCanalDenuncia.app0 < 4.4.8affected

Weaknesses

  • CWE-862: CWE-862 Missing Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References