Auth bypass in Acc Dm_corporative_cms
CVE-2025-40658
An Insecure Direct Object Reference (IDOR) vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area by setting the option parameter to 0, 1 or 2 in /administer/selectionnode/fr…
Vulnerability class: IDOR (Insecure Direct Object Reference)
EPSS: 0.003 (19.6th percentile)
CVSS v3 metric
CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.
Affected products
- Acc Dm_corporative_cms
- Dmacroweb Dm Corporative Cms — versions 0
Weakness classification (CWE)
References
- cve-coordination@incibe.es (Third Party Advisory)
Frequently asked questions
- What is CVE-2025-40658?
  CVE-2025-40658 is a high-severity vulnerability in Acc Dm_corporative_cms, classified under Authorization Bypass Through User-Controlled Key. CVSS score: 7.5/10. Published 2025-06-10.
- How severe is CVE-2025-40658?
  High severity. CVSS v3 base score is 7.5 out of 10.