Vulnerabilities

CVE-2025-40645

by Fred · 02/10/2025

Exposure of sensitive information in Viday. This vulnerability could allow an unauthenticated attacker to obtain sensitive information about customers by sending an HTTP GET request to “/api/reserva/web/clients” using the “phone” parameter.

More information : https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-viday

Similar

Tags: Cybersecurity Alert