Auth bypass in Viafirma Inbox

CVE-2025-41077

An IDOR vulnerability has been found in Viafirma Inbox v4.5.13 that allows any authenticated user without privileges in the application to list all users and to access and modify their data. This allows users' email addresses to be modified and…

Vulnerability class: IDOR (Insecure Direct Object Reference)

EPSS: 0.002 (10.5th percentile)

CVSS v3 metric

CVSS v3 base score 8.1 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N.

Frequently asked questions

What is CVE-2025-41077?
CVE-2025-41077 is a high-severity vulnerability in Viafirma Inbox, classified under Authorization Bypass Through User-Controlled Key. CVSS score: 8.1/10. Published 2026-01-12.

How severe is CVE-2025-41077?
High severity. CVSS v3 base score is 8.1 out of 10.