CVE-2025-40667

Missing authorization vulnerability in TCMAN's GIM v11. This allows an authenticated attacker to access any functionality of the application even when they are not available through the user interface. To exploit the vulnerability the attacker must modify the HTTP code of the response from ‘302 Found’ to ‘200 OK’, as well as the hidden fields hdnReadOnly and hdnUserLogin.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-tcman-gim-0	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:tcman:gim:11.0:*:*:*:*:*:*:*

History

10 Oct 2025, 20:14

Type	Values Removed	Values Added
References	~~() https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-tcman-gim-0 -~~	() https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-tcman-gim-0 - Third Party Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 6.5
CPE		cpe:2.3:a:tcman:gim:11.0:::::::*
First Time		Tcman Tcman gim

28 May 2025, 15:01

Type	Values Removed	Values Added
Summary		(es) Vulnerabilidad de autorización faltante en GIM v11 de TCMAN. Esto permite a un atacante autenticado acceder a cualquier funcionalidad de la aplicación, incluso si no está disponible a través de la interfaz de usuario. Para explotar esta vulnerabilidad, el atacante debe modificar el código HTTP de la respuesta de "302 Found" a "200 OK", así como los campos ocultos hdnReadOnly y hdnUserLogin.

26 May 2025, 13:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-26 13:15

Updated : 2025-10-10 20:14

NVD link : CVE-2025-40667

Mitre link : CVE-2025-40667

CVE.ORG link : CVE-2025-40667

JSON object : View

Products Affected

tcman

gim

CWE

CWE-862

Missing Authorization

{"id": "CVE-2025-40667", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}], "cvssMetricV40": [{"type": "Secondary", "source": "cve-coordination@incibe.es", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-05-26T13:15:20.597", "references": [{"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-tcman-gim-0", "tags": ["Third Party Advisory"], "source": "cve-coordination@incibe.es"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "cve-coordination@incibe.es", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "Missing authorization vulnerability in TCMAN's GIM v11. This allows an authenticated attacker to access any functionality of the application even when they are not available through the user interface. To exploit the vulnerability the attacker must modify the HTTP code of the response from \u2018302 Found\u2019 to \u2018200 OK\u2019, as well as the hidden fields hdnReadOnly and hdnUserLogin."}, {"lang": "es", "value": "Vulnerabilidad de autorizaci\u00f3n faltante en GIM v11 de TCMAN. Esto permite a un atacante autenticado acceder a cualquier funcionalidad de la aplicaci\u00f3n, incluso si no est\u00e1 disponible a trav\u00e9s de la interfaz de usuario. Para explotar esta vulnerabilidad, el atacante debe modificar el c\u00f3digo HTTP de la respuesta de \"302 Found\" a \"200 OK\", as\u00ed como los campos ocultos hdnReadOnly y hdnUserLogin."}], "lastModified": "2025-10-10T20:14:38.443", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:tcman:gim:11.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D6B3BFF6-FD8C-4E8F-8D81-96D988E03C9F"}], "operator": "OR"}]}], "sourceIdentifier": "cve-coordination@incibe.es"}