Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-3574

Insecure Direct Object Reference vulnerability in Deporsite from T-INNOVA allows an attacker to retrieve sensitive information from others users via "idUsuario" parameter in "/helper/Familia/obtenerFamiliaUsuario" endpoint.

Published

2025-04-15T09:15:13.500

Last Modified

2025-04-15T18:39:27.967

Status

Awaiting Analysis

Source

[email protected]

Severity

Weaknesses

Type: Secondary
CWE-639

Affected Vendors & Products

References

https://www.incibe.es/en/incibe-cert/notices/aviso/insecure-direct-object-reference-deporsite-t-innova ([email protected])