CVE-2025-40667

Missing authorization vulnerability in TCMAN's GIM v11. This allows an authenticated attacker to access any functionality of the application even when they are not available through the user interface. To exploit the vulnerability the attacker must modify the HTTP code of the response from ‘302 Found’ to ‘200 OK’, as well as the hidden fields hdnReadOnly and hdnUserLogin.

CVSS

No CVSS.

References

Link	Resource
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-tcman-gim-0

Configurations

No configuration.

History

28 May 2025, 15:01

Type	Values Removed	Values Added
Summary		(es) Vulnerabilidad de autorización faltante en GIM v11 de TCMAN. Esto permite a un atacante autenticado acceder a cualquier funcionalidad de la aplicación, incluso si no está disponible a través de la interfaz de usuario. Para explotar esta vulnerabilidad, el atacante debe modificar el código HTTP de la respuesta de "302 Found" a "200 OK", así como los campos ocultos hdnReadOnly y hdnUserLogin.

26 May 2025, 13:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-26 13:15

Updated : 2025-05-28 15:01

NVD link : CVE-2025-40667

Mitre link : CVE-2025-40667

CVE.ORG link : CVE-2025-40667

JSON object : View

Products Affected

No product.

CWE

CWE-862

Missing Authorization

{"id": "CVE-2025-40667", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "cve-coordination@incibe.es", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-05-26T13:15:20.597", "references": [{"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-tcman-gim-0", "source": "cve-coordination@incibe.es"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "cve-coordination@incibe.es", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "Missing authorization vulnerability in TCMAN's GIM v11. This allows an authenticated attacker to access any functionality of the application even when they are not available through the user interface. To exploit the vulnerability the attacker must modify the HTTP code of the response from \u2018302 Found\u2019 to \u2018200 OK\u2019, as well as the hidden fields hdnReadOnly and hdnUserLogin."}, {"lang": "es", "value": "Vulnerabilidad de autorizaci\u00f3n faltante en GIM v11 de TCMAN. Esto permite a un atacante autenticado acceder a cualquier funcionalidad de la aplicaci\u00f3n, incluso si no est\u00e1 disponible a trav\u00e9s de la interfaz de usuario. Para explotar esta vulnerabilidad, el atacante debe modificar el c\u00f3digo HTTP de la respuesta de \"302 Found\" a \"200 OK\", as\u00ed como los campos ocultos hdnReadOnly y hdnUserLogin."}], "lastModified": "2025-05-28T15:01:30.720", "sourceIdentifier": "cve-coordination@incibe.es"}