Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-40669

Incorrect authorization vulnerability in TCMAN's GIM v11. This vulnerability allows an unprivileged attacker to modify the permissions held by each of the application's users, including the user himself by sending a POST request to /PC/Options.aspx?Command=2&Page=-1.

Published

2025-06-09T13:15:22.803

Last Modified

2025-10-06T19:37:27.340

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

Weaknesses

Type: Secondary
CWE-863

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	tcman	gim	11.0	Yes

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-tcman-gim-1 Third Party Advisory ([email protected])