CVE-2025-4762

Insecure Direct Object Reference (IDOR) vulnerability in the eSignaViewer component in eSigna product versions 1.0 to 1.5 on all platforms allow an unauthenticated attacker to access arbitrary files in the document system via manipulation of file paths and object identifiers.

CVSS

No CVSS.

References

Link	Resource
https://edgewatch.com/vulnerability-advisories/path-traversal-and-idor-vulnerabilities-in-esignaviewer-allow-unauthorized-file-access/

Configurations

No configuration.

History

16 May 2025, 14:43

Type	Values Removed	Values Added
Summary		(es) La vulnerabilidad de referencia directa a objetos insegura (IDOR) en el componente eSignaViewer en las versiones 1.0 a 1.5 del producto eSigna en todas las plataformas permite que un atacante no autenticado acceda a archivos arbitrarios en el sistema de documentos mediante la manipulación de rutas de archivos e identificadores de objetos.

15 May 2025, 12:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-15 12:15

Updated : 2025-05-16 14:43

NVD link : CVE-2025-4762

Mitre link : CVE-2025-4762

CVE.ORG link : CVE-2025-4762

JSON object : View

Products Affected

No product.

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2025-4762", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "8ca67973-55d1-4246-bb7c-ce7e65ad8782", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 2.0, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "LOW", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "ACTIVE", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-05-15T12:15:23.560", "references": [{"url": "https://edgewatch.com/vulnerability-advisories/path-traversal-and-idor-vulnerabilities-in-esignaviewer-allow-unauthorized-file-access/", "source": "8ca67973-55d1-4246-bb7c-ce7e65ad8782"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "8ca67973-55d1-4246-bb7c-ce7e65ad8782", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "Insecure Direct Object Reference (IDOR) vulnerability in the eSignaViewer component in eSigna product versions 1.0 to 1.5 on all platforms allow an unauthenticated attacker to access arbitrary files in the document system via manipulation of file paths and object identifiers."}, {"lang": "es", "value": "La vulnerabilidad de referencia directa a objetos insegura (IDOR) en el componente eSignaViewer en las versiones 1.0 a 1.5 del producto eSigna en todas las plataformas permite que un atacante no autenticado acceda a archivos arbitrarios en el sistema de documentos mediante la manipulaci\u00f3n de rutas de archivos e identificadores de objetos."}], "lastModified": "2025-05-16T14:43:26.160", "sourceIdentifier": "8ca67973-55d1-4246-bb7c-ce7e65ad8782"}