Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-34293

Summary
Assigner-VulnCheck
Assigner Org ID-83251b91-4cc7-4094-a5c7-464a1b83ea10
Published At-24 Oct, 2025 | 21:16
Updated At-27 Oct, 2025 | 15:23
Rejected At-
Credits

GN4 Publishing System Insecure Direct Object Reference (IDOR) Information Disclosure

GN4 Publishing System versions prior to 2.6 contain an insecure direct object reference (IDOR) vulnerability via the API. Authenticated requests to the API's object endpoints allow an authenticated user to request arbitrary user IDs and receive sensitive account data for those users, including the stored password and the account's security question and answer. The exposed recovery data and encrypted password may be used to reset or take over the target account.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:VulnCheck
Assigner Org ID:83251b91-4cc7-4094-a5c7-464a1b83ea10
Published At:24 Oct, 2025 | 21:16
Updated At:27 Oct, 2025 | 15:23
Rejected At:
▼CVE Numbering Authority (CNA)
GN4 Publishing System Insecure Direct Object Reference (IDOR) Information Disclosure

GN4 Publishing System versions prior to 2.6 contain an insecure direct object reference (IDOR) vulnerability via the API. Authenticated requests to the API's object endpoints allow an authenticated user to request arbitrary user IDs and receive sensitive account data for those users, including the stored password and the account's security question and answer. The exposed recovery data and encrypted password may be used to reset or take over the target account.

Affected Products
Vendor
Naviga Global / Miles 33
Product
GN4 Publishing System
Modules
  • web API: cmd/GetObjectInfos and cmd/ids/get endpoints
Default Status
unaffected
Versions
Affected
  • From 0 before 2.6 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-639CWE-639 Authorization Bypass Through User-Controlled Key
Type: CWE
CWE ID: CWE-639
Description: CWE-639 Authorization Bypass Through User-Controlled Key
Metrics
VersionBase scoreBase severityVector
4.08.6HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Version: 4.0
Base score: 8.6
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Victor A. Morales, Senior Pentester Team Leader, GMSecTec Inc.
finder
Omar Crespo, Pentester, GMSecTec Inc.
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.miles33.com/news/news/5955/naviga--miles-33--acquisition.html
media-coverage
related
https://nne.navigacloud.com/GN4Help/gn4_introduction_to_gn4.htm
product
https://www.miles33.com/section/14/gn4
product
https://www.vulncheck.com/advisories/gn4-publishing-system-idor-information-disclosure
third-party-advisory
Hyperlink: https://www.miles33.com/news/news/5955/naviga--miles-33--acquisition.html
Resource:
media-coverage
related
Hyperlink: https://nne.navigacloud.com/GN4Help/gn4_introduction_to_gn4.htm
Resource:
product
Hyperlink: https://www.miles33.com/section/14/gn4
Resource:
product
Hyperlink: https://www.vulncheck.com/advisories/gn4-publishing-system-idor-information-disclosure
Resource:
third-party-advisory
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:disclosure@vulncheck.com
Published At:24 Oct, 2025 | 22:15
Updated At:27 Oct, 2025 | 13:20

GN4 Publishing System versions prior to 2.6 contain an insecure direct object reference (IDOR) vulnerability via the API. Authenticated requests to the API's object endpoints allow an authenticated user to request arbitrary user IDs and receive sensitive account data for those users, including the stored password and the account's security question and answer. The exposed recovery data and encrypted password may be used to reset or take over the target account.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.08.6HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Secondary
Version: 4.0
Base score: 8.6
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-639Secondarydisclosure@vulncheck.com
CWE ID: CWE-639
Type: Secondary
Source: disclosure@vulncheck.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://nne.navigacloud.com/GN4Help/gn4_introduction_to_gn4.htmdisclosure@vulncheck.com
N/A
https://www.miles33.com/news/news/5955/naviga--miles-33--acquisition.htmldisclosure@vulncheck.com
N/A
https://www.miles33.com/section/14/gn4disclosure@vulncheck.com
N/A
https://www.vulncheck.com/advisories/gn4-publishing-system-idor-information-disclosuredisclosure@vulncheck.com
N/A
Hyperlink: https://nne.navigacloud.com/GN4Help/gn4_introduction_to_gn4.htm
Source: disclosure@vulncheck.com
Resource: N/A
Hyperlink: https://www.miles33.com/news/news/5955/naviga--miles-33--acquisition.html
Source: disclosure@vulncheck.com
Resource: N/A
Hyperlink: https://www.miles33.com/section/14/gn4
Source: disclosure@vulncheck.com
Resource: N/A
Hyperlink: https://www.vulncheck.com/advisories/gn4-publishing-system-idor-information-disclosure
Source: disclosure@vulncheck.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

3Records found
CVE-2026-25497
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.6||HIGH
EPSS-0.02% / 3.46%
||
7 Day CHG~0.00%
Published-09 Feb, 2026 | 19:50
Updated-19 Feb, 2026 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Craft has a GraphQL Asset Mutation Privilege Escalation

Craft is a platform for creating digital experiences. In Craft versions from 4.0.0-RC1 to before 4.17.0-beta.1 and 5.9.0-beta.1, there is a Privilege Escalation vulnerability in Craft CMS’s GraphQL API that allows an authenticated user with write access to one asset volume to escalate their privileges and modify/transfer assets belonging to any other volume, including restricted or private volumes to which they should not have access. The saveAsset GraphQL mutation validates authorization against the schema-resolved volume but fetches the target asset by ID without verifying that the asset belongs to the authorized volume. This allows unauthorized cross-volume asset modification and transfer. This vulnerability is fixed in 4.17.0-beta.1 and 5.9.0-beta.1.

Action-Not Available
Vendor-craftcmscraftcms
Product-craft_cmscms
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2024-42463
Matching Score-4
Assigner-upKeeper Solutions
ShareView Details
Matching Score-4
Assigner-upKeeper Solutions
CVSS Score-8.6||HIGH
EPSS-0.11% / 29.78%
||
7 Day CHG~0.00%
Published-16 Aug, 2024 | 13:24
Updated-28 Aug, 2024 | 20:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Leak of organizations messages

Authorization Bypass Through User-Controlled Key vulnerability in upKeeper Solutions product upKeeper Manager allows Utilizing REST's Trust in the System Resource to Obtain Sensitive Data.This issue affects upKeeper Manager: through 5.1.9.

Action-Not Available
Vendor-upkeeperupKeeper Solutionsupkeeper
Product-upkeeper_managerupKeeper Managerupkeeper_manager
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2025-41077
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-8.6||HIGH
EPSS-0.03% / 8.27%
||
7 Day CHG~0.00%
Published-12 Jan, 2026 | 14:54
Updated-29 Jan, 2026 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple vulnerabilities in Viafirma products

IDOR vulnerability has been found in Viafirma Inbox v4.5.13 that allows any authenticated user without privileges in the application to list all users, access and modify their data. This allows the user's email addresses to be modified and, subsequently, using the password recovery functionality to access the application by impersonating any user, including those with administrative permissions.

Action-Not Available
Vendor-viafirmaViafirma
Product-inboxInbox
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
Details not found