Search
Find a vulnerability
Search criteria
1 vulnerability
CVE-2025-4762 (GCVE-0-2025-4762)
Vulnerability from cvelistv5 – Published: 2025-05-15 11:49 – Updated: 2025-05-15 13:28
VLAI
EPSS
VEX
Title
Insecure Direct Object Reference (IDOR) vulnerability in eSignaViewer
Summary
Insecure Direct Object Reference (IDOR) vulnerability in the eSignaViewer component in eSigna product versions 1.0 to 1.5 on all platforms allow an unauthenticated attacker to access arbitrary files in the document system via manipulation of file paths and object identifiers.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Lleidanet PKI | eSigna |
Unaffected:
1.3.2
Unaffected: 1.4.4 Unaffected: 4.0.4 Unaffected: 4.1.4 Unaffected: 5.0.2 Unaffected: 5.1.2 Unaffected: 5.2.4 Unaffected: 5.3.3 Unaffected: 5.4.1 |
Date Public
2024-12-03 12:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4762",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-15T13:26:47.028851Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-15T13:28:18.267Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"packageName": "eSignaViewer",
"product": "eSigna",
"vendor": "Lleidanet PKI",
"versions": [
{
"status": "unaffected",
"version": "1.3.2"
},
{
"status": "unaffected",
"version": "1.4.4"
},
{
"status": "unaffected",
"version": "4.0.4"
},
{
"status": "unaffected",
"version": "4.1.4"
},
{
"status": "unaffected",
"version": "5.0.2"
},
{
"status": "unaffected",
"version": "5.1.2"
},
{
"status": "unaffected",
"version": "5.2.4"
},
{
"status": "unaffected",
"version": "5.3.3"
},
{
"status": "unaffected",
"version": "5.4.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Pablo Alcarria Lozano"
}
],
"datePublic": "2024-12-03T12:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insecure Direct Object Reference (IDOR) vulnerability in the eSignaViewer component in eSigna product versions 1.0 to 1.5 on all platforms allow an unauthenticated attacker to access arbitrary files in the document system via manipulation of file paths and object identifiers."
}
],
"value": "Insecure Direct Object Reference (IDOR) vulnerability in the eSignaViewer component in eSigna product versions 1.0 to 1.5 on all platforms allow an unauthenticated attacker to access arbitrary files in the document system via manipulation of file paths and object identifiers."
}
],
"impacts": [
{
"capecId": "CAPEC-122",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-122: Insecure Direct Object Reference"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 2,
"baseSeverity": "LOW",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-15T11:50:05.461Z",
"orgId": "8ca67973-55d1-4246-bb7c-ce7e65ad8782",
"shortName": "Edgewatch"
},
"references": [
{
"url": "https://edgewatch.com/vulnerability-advisories/path-traversal-and-idor-vulnerabilities-in-esignaviewer-allow-unauthorized-file-access/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Users should immediately upgrade to the corresponding fixed version to eliminate these vulnerabilities and protect sensitive data from unauthorized access."
}
],
"value": "Users should immediately upgrade to the corresponding fixed version to eliminate these vulnerabilities and protect sensitive data from unauthorized access."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Insecure Direct Object Reference (IDOR) vulnerability in eSignaViewer",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "8ca67973-55d1-4246-bb7c-ce7e65ad8782",
"assignerShortName": "Edgewatch",
"cveId": "CVE-2025-4762",
"datePublished": "2025-05-15T11:49:59.054Z",
"dateReserved": "2025-05-15T11:45:21.855Z",
"dateUpdated": "2025-05-15T13:28:18.267Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}