Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-40658

An Insecure Direct Object Reference (IDOR) vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area setting the option parameter equal to 0, 1 or 2 in /administer/selectionnode/framesSelection.asp.

Published

2025-06-10T10:15:28.237

Last Modified

2025-10-22T13:56:16.287

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses

Type: Secondary
CWE-639

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	acc	dm_corporative_cms	< 2025.01	Yes

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-dm-corporative-cms-dmacroweb Third Party Advisory ([email protected])