{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-4762", "assignerOrgId": "8ca67973-55d1-4246-bb7c-ce7e65ad8782", "state": "PUBLISHED", "assignerShortName": "Edgewatch", "dateReserved": "2025-05-15T11:45:21.855Z", "datePublished": "2025-05-15T11:49:59.054Z", "dateUpdated": "2025-05-15T13:28:18.267Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "packageName": "eSignaViewer", "product": "eSigna", "vendor": "Lleidanet PKI", "versions": [{"status": "unaffected", "version": "1.3.2"}, {"status": "unaffected", "version": "1.4.4"}, {"status": "unaffected", "version": "4.0.4"}, {"status": "unaffected", "version": "4.1.4"}, {"status": "unaffected", "version": "5.0.2"}, {"status": "unaffected", "version": "5.1.2"}, {"status": "unaffected", "version": "5.2.4"}, {"status": "unaffected", "version": "5.3.3"}, {"status": "unaffected", "version": "5.4.1"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Pablo Alcarria Lozano"}], "datePublic": "2024-12-03T12:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Insecure Direct Object Reference (IDOR) vulnerability in the eSignaViewer component in eSigna product versions 1.0 to 1.5 on all platforms allow an unauthenticated attacker to access arbitrary files in the document system via manipulation of file paths and object identifiers."}], "value": "Insecure Direct Object Reference (IDOR) vulnerability in the eSignaViewer component in eSigna product versions 1.0 to 1.5 on all platforms allow an unauthenticated attacker to access arbitrary files in the document system via manipulation of file paths and object identifiers."}], "impacts": [{"capecId": "CAPEC-122", "descriptions": [{"lang": "en", "value": "CAPEC-122: Insecure Direct Object Reference"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 2, "baseSeverity": "LOW", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "NONE", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20: Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8ca67973-55d1-4246-bb7c-ce7e65ad8782", "shortName": "Edgewatch", "dateUpdated": "2025-05-15T11:50:05.461Z"}, "references": [{"url": "https://edgewatch.com/vulnerability-advisories/path-traversal-and-idor-vulnerabilities-in-esignaviewer-allow-unauthorized-file-access/"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Users should immediately upgrade to the corresponding fixed version to eliminate these vulnerabilities and protect sensitive data from unauthorized access."}], "value": "Users should immediately upgrade to the corresponding fixed version to eliminate these vulnerabilities and protect sensitive data from unauthorized access."}], "source": {"discovery": "UNKNOWN"}, "title": "Insecure Direct Object Reference (IDOR) vulnerability in eSignaViewer", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-15T13:26:47.028851Z", "id": "CVE-2025-4762", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-15T13:28:18.267Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-4762", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-05-15T13:26:47.028851Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-15T13:27:16.048Z"}}], "cna": {"title": "Insecure Direct Object Reference (IDOR) vulnerability in eSignaViewer", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Pablo Alcarria Lozano"}], "impacts": [{"capecId": "CAPEC-122", "descriptions": [{"lang": "en", "value": "CAPEC-122: Insecure Direct Object Reference"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 2, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "LOW", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "ACTIVE", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Lleidanet PKI", "product": "eSigna", "versions": [{"status": "unaffected", "version": "1.3.2"}, {"status": "unaffected", "version": "1.4.4"}, {"status": "unaffected", "version": "4.0.4"}, {"status": "unaffected", "version": "4.1.4"}, {"status": "unaffected", "version": "5.0.2"}, {"status": "unaffected", "version": "5.1.2"}, {"status": "unaffected", "version": "5.2.4"}, {"status": "unaffected", "version": "5.3.3"}, {"status": "unaffected", "version": "5.4.1"}], "packageName": "eSignaViewer", "defaultStatus": "affected"}], "solutions": [{"lang": "en", "value": "Users should immediately upgrade to the corresponding fixed version to eliminate these vulnerabilities and protect sensitive data from unauthorized access.", "supportingMedia": [{"type": "text/html", "value": "Users should immediately upgrade to the corresponding fixed version to eliminate these vulnerabilities and protect sensitive data from unauthorized access.", "base64": false}]}], "datePublic": "2024-12-03T12:00:00.000Z", "references": [{"url": "https://edgewatch.com/vulnerability-advisories/path-traversal-and-idor-vulnerabilities-in-esignaviewer-allow-unauthorized-file-access/"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Insecure Direct Object Reference (IDOR) vulnerability in the eSignaViewer component in eSigna product versions 1.0 to 1.5 on all platforms allow an unauthenticated attacker to access arbitrary files in the document system via manipulation of file paths and object identifiers.", "supportingMedia": [{"type": "text/html", "value": "Insecure Direct Object Reference (IDOR) vulnerability in the eSignaViewer component in eSigna product versions 1.0 to 1.5 on all platforms allow an unauthenticated attacker to access arbitrary files in the document system via manipulation of file paths and object identifiers.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20: Improper Input Validation"}]}], "providerMetadata": {"orgId": "8ca67973-55d1-4246-bb7c-ce7e65ad8782", "shortName": "Edgewatch", "dateUpdated": "2025-05-15T11:50:05.461Z"}}}, "cveMetadata": {"cveId": "CVE-2025-4762", "state": "PUBLISHED", "dateUpdated": "2025-05-15T13:28:18.267Z", "dateReserved": "2025-05-15T11:45:21.855Z", "assignerOrgId": "8ca67973-55d1-4246-bb7c-ce7e65ad8782", "datePublished": "2025-05-15T11:49:59.054Z", "assignerShortName": "Edgewatch"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Insecure Direct Object Reference (IDOR) vulnerability in the eSignaViewer component in eSigna product versions 1.0 to 1.5 on all platforms allow an unauthenticated attacker to access arbitrary files in the document system via manipulation of file paths and object identifiers."}, {"lang": "es", "value": "La vulnerabilidad de referencia directa a objetos insegura (IDOR) en el componente eSignaViewer en las versiones 1.0 a 1.5 del producto eSigna en todas las plataformas permite que un atacante no autenticado acceda a archivos arbitrarios en el sistema de documentos mediante la manipulaci\u00f3n de rutas de archivos e identificadores de objetos."}], "id": "CVE-2025-4762", "lastModified": "2025-05-16T14:43:26.160", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 2.0, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "NONE", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "8ca67973-55d1-4246-bb7c-ce7e65ad8782", "type": "Secondary"}]}, "published": "2025-05-15T12:15:23.560", "references": [{"source": "8ca67973-55d1-4246-bb7c-ce7e65ad8782", "url": "https://edgewatch.com/vulnerability-advisories/path-traversal-and-idor-vulnerabilities-in-esignaviewer-allow-unauthorized-file-access/"}], "sourceIdentifier": "8ca67973-55d1-4246-bb7c-ce7e65ad8782", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "8ca67973-55d1-4246-bb7c-ce7e65ad8782", "type": "Secondary"}]}

{}

{}