Auth bypass in Viafirma Inbox
CVE-2025-41077
An IDOR vulnerability has been found in Viafirma Inbox v4.5.13 that allows any authenticated user without privileges in the application to list all users and to access and modify their data. This allows the user's email addresses to be modified and…
Vulnerability class: IDOR (Insecure Direct Object Reference)
EPSS: 0.002 (10.5th percentile)
CVSS v3 metric
CVSS v3 base score 8.1 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N.
Affected products
- Viafirma Inbox — version v4.5.13
Weakness classification (CWE)
References
- cve-coordination@incibe.es (Third Party Advisory)
Frequently asked questions
- What is CVE-2025-41077?
- CVE-2025-41077 is a high-severity vulnerability in Viafirma Inbox, classified under Authorization Bypass Through User-Controlled Key. CVSS score: 8.1/10. Published 2026-01-12.
- How severe is CVE-2025-41077?
- High severity. CVSS v3 base score is 8.1 out of 10.