Direct request ('Forced Browsing') issue exists in iroha Board versions v0.10.12 and earlier. If this vulnerability is exploited, non-public contents may be viewed by an attacker who can log in to the affected product.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Tue, 30 Sep 2025 20:30:00 +0000

Type Values Removed Values Added
First Time appeared Irohasoft
Irohasoft iroha Board
CPEs cpe:2.3:a:irohasoft:iroha_board:*:*:*:*:*:*:*:*
Vendors & Products Irohasoft
Irohasoft iroha Board

Thu, 26 Jun 2025 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 26 Jun 2025 06:15:00 +0000

Type Values Removed Values Added
Description Direct request ('Forced Browsing') issue exists in iroha Board versions v0.10.12 and earlier. If this vulnerability is exploited, non-public contents may be viewed by an attacker who can log in to the affected product.
Weaknesses CWE-425
References
Metrics cvssV3_0

{'score': 4.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: jpcert

Published:

Updated: 2025-06-26T13:19:09.569Z

Reserved: 2025-06-23T05:26:28.638Z

Link: CVE-2025-41404

cve-icon Vulnrichment

Updated: 2025-06-26T13:19:05.752Z

cve-icon NVD

Status : Analyzed

Published: 2025-06-26T06:15:23.497

Modified: 2025-09-30T20:28:30.040

Link: CVE-2025-41404

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.