CVE-2025-40668

by Fred · 09/06/2025

Incorrect authorization vulnerability in TCMAN’s GIM v11. This vulnerability allows an attacker, with low privilege level, to change the password of other users through a POST request using the parameters idUser, PasswordActual, PasswordNew and PasswordNewRepeat in /PC/WebService.aspx/validateChangePassword%C3%B1a. To exploit the vulnerability the PasswordActual parameter must be empty.

Assigner : cve-coordination@incibe.es

More information : https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-tcman-gim-1

CVE-2025-40668

Similar

Recent Posts

Categories

CVE-2025-40668

Share this:

Similar

Recent Posts

Categories

Tags