CVE-2025-34293

high

Description

GN4 Publishing System versions prior to 2.6 contain an insecure direct object reference (IDOR) vulnerability via the API. Authenticated requests to the API's object endpoints allow an authenticated user to request arbitrary user IDs and receive sensitive account data for those users, including the stored password and the account's security question and answer. The exposed recovery data and encrypted password may be used to reset or take over the target account.

References

https://www.vulncheck.com/advisories/gn4-publishing-system-idor-information-disclosure

https://www.miles33.com/section/14/gn4

https://www.miles33.com/news/news/5955/naviga--miles-33--acquisition.html

https://nne.navigacloud.com/GN4Help/gn4_introduction_to_gn4.htm

Details

Source: Mitre, NVD

Published: 2025-10-24

Updated: 2025-10-24

Risk Information

CVSS v2

Base Score: 4

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Severity: Medium

CVSS v4

Base Score: 8.6

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Severity: High

EPSS

EPSS: 0.00039