Auth bypass in Cronosweb I2a

CVE-2025-41358

Direct Object Reference Vulnerability (IDOR) in i2A's CronosWeb, in versions prior to 25.00.00.12, inclusive. This vulnerability could allow an authenticated attacker to access other users' documents by manipulating the ‘documentCode’ para…

Vulnerability class: IDOR (Insecure Direct Object Reference)

EPSS: 0.003 (22.6th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

References