Auth bypass in Cronosweb I2a
CVE-2025-41358
Direct Object Reference Vulnerability (IDOR) in i2A's CronosWeb, in versions prior to 25.00.00.12, inclusive. This vulnerability could allow an authenticated attacker to access other users' documents by manipulating the ‘documentCode’ para…
Vulnerability class: IDOR (Insecure Direct Object Reference)
EPSS: 0.003 (22.6th percentile) — read the EPSS interpretation.
Affected products
- Cronosweb I2a — versions 25.00 and 24.05.