CVE-2025-34293

GN4 Publishing System versions prior to 2.6 contain an insecure direct object reference (IDOR) vulnerability via the API. Authenticated requests to the API's object endpoints allow an authenticated user to request arbitrary user IDs and receive sensitive account data for those users, including the stored password and the account's security question and answer. The exposed recovery data and encrypted password may be used to reset or take over the target account.

CVSS

No CVSS.

References

Link	Resource
https://nne.navigacloud.com/GN4Help/gn4_introduction_to_gn4.htm
https://www.miles33.com/news/news/5955/naviga--miles-33--acquisition.html
https://www.miles33.com/section/14/gn4
https://www.vulncheck.com/advisories/gn4-publishing-system-idor-information-disclosure

Configurations

No configuration.

History

24 Oct 2025, 22:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-10-24 22:15

Updated : 2025-10-24 22:15

NVD link : CVE-2025-34293

Mitre link : CVE-2025-34293

CVE.ORG link : CVE-2025-34293

JSON object : View

Products Affected

No product.

CWE

CWE-639

Authorization Bypass Through User-Controlled Key

{"id": "CVE-2025-34293", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.6, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-10-24T22:15:40.210", "references": [{"url": "https://nne.navigacloud.com/GN4Help/gn4_introduction_to_gn4.htm", "source": "disclosure@vulncheck.com"}, {"url": "https://www.miles33.com/news/news/5955/naviga--miles-33--acquisition.html", "source": "disclosure@vulncheck.com"}, {"url": "https://www.miles33.com/section/14/gn4", "source": "disclosure@vulncheck.com"}, {"url": "https://www.vulncheck.com/advisories/gn4-publishing-system-idor-information-disclosure", "source": "disclosure@vulncheck.com"}], "vulnStatus": "Received", "weaknesses": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-639"}]}], "descriptions": [{"lang": "en", "value": "GN4 Publishing System versions prior to 2.6 contain an insecure direct object reference (IDOR) vulnerability via the API. Authenticated requests to the API's object endpoints allow an authenticated user to request arbitrary user IDs and receive sensitive account data for those users, including the stored password and the account's security question and answer. The exposed recovery data and encrypted password may be used to reset or take over the target account."}], "lastModified": "2025-10-24T22:15:40.210", "sourceIdentifier": "disclosure@vulncheck.com"}