Search criteria
2 vulnerabilities found for Gestão de Locação by Sistemas Pleno
CVE-2025-10947 (GCVE-0-2025-10947)
Vulnerability from nvd – Published: 2025-09-25 13:02 – Updated: 2026-03-25 12:30
VLAI
Title
Sistemas Pleno Gestão de Locação CPF validarCpf authorization
Summary
A flaw has been found in Sistemas Pleno Gestão de Locação up to 2025.7.x. The impacted element is an unknown function of the file /api/areacliente/pessoa/validarCpf of the component CPF Handler. Executing a manipulation of the argument pes_cpf can lead to authorization bypass. The attack can be executed remotely. The exploit has been published and may be used. Upgrading to version 2025.8.0 is sufficient to resolve this issue. It is advisable to upgrade the affected component.
Severity
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.325817 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.325817 | signaturepermissions-required |
| https://vuldb.com/?submit.652282 | third-party-advisory |
| https://github.com/lfparizzi/CVE-Sistemas_Pleno/t… | related |
| https://github.com/lfparizzi/CVE-Sistemas_Pleno/t… | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Sistemas Pleno | Gestão de Locação |
Affected:
2025.0
Affected: 2025.1 Affected: 2025.2 Affected: 2025.3 Affected: 2025.4 Affected: 2025.5 Affected: 2025.6 Affected: 2025.7 Unaffected: 2025.8.0 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10947",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-25T13:14:30.582453Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-25T13:14:33.199Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/lfparizzi/CVE-Sistemas_Pleno/tree/main"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/lfparizzi/CVE-Sistemas_Pleno/tree/main?tab=readme-ov-file#-proofs"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"CPF Handler"
],
"product": "Gest\u00e3o de Loca\u00e7\u00e3o",
"vendor": "Sistemas Pleno",
"versions": [
{
"status": "affected",
"version": "2025.0"
},
{
"status": "affected",
"version": "2025.1"
},
{
"status": "affected",
"version": "2025.2"
},
{
"status": "affected",
"version": "2025.3"
},
{
"status": "affected",
"version": "2025.4"
},
{
"status": "affected",
"version": "2025.5"
},
{
"status": "affected",
"version": "2025.6"
},
{
"status": "affected",
"version": "2025.7"
},
{
"status": "unaffected",
"version": "2025.8.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Syrtain (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw has been found in Sistemas Pleno Gest\u00e3o de Loca\u00e7\u00e3o up to 2025.7.x. The impacted element is an unknown function of the file /api/areacliente/pessoa/validarCpf of the component CPF Handler. Executing a manipulation of the argument pes_cpf can lead to authorization bypass. The attack can be executed remotely. The exploit has been published and may be used. Upgrading to version 2025.8.0 is sufficient to resolve this issue. It is advisable to upgrade the affected component."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "Authorization Bypass",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-25T12:30:18.684Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-325817 | Sistemas Pleno Gest\u00e3o de Loca\u00e7\u00e3o CPF validarCpf authorization",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.325817"
},
{
"name": "VDB-325817 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.325817"
},
{
"name": "Submit #652282 | Sistemas Pleno Gest\u00e3o de Loca\u00e7\u00e3o Prior to 2025.8.0 Insecure Direct Object Reference (IDOR)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.652282"
},
{
"tags": [
"related"
],
"url": "https://github.com/lfparizzi/CVE-Sistemas_Pleno/tree/main"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/lfparizzi/CVE-Sistemas_Pleno/tree/main?tab=readme-ov-file#-proofs"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-09-25T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-09-25T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-09-26T17:12:17.000Z",
"value": "VulDB entry last update"
}
],
"title": "Sistemas Pleno Gest\u00e3o de Loca\u00e7\u00e3o CPF validarCpf authorization"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-10947",
"datePublished": "2025-09-25T13:02:09.244Z",
"dateReserved": "2025-09-25T06:01:51.197Z",
"dateUpdated": "2026-03-25T12:30:18.684Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-10947 (GCVE-0-2025-10947)
Vulnerability from cvelistv5 – Published: 2025-09-25 13:02 – Updated: 2026-03-25 12:30
VLAI
Title
Sistemas Pleno Gestão de Locação CPF validarCpf authorization
Summary
A flaw has been found in Sistemas Pleno Gestão de Locação up to 2025.7.x. The impacted element is an unknown function of the file /api/areacliente/pessoa/validarCpf of the component CPF Handler. Executing a manipulation of the argument pes_cpf can lead to authorization bypass. The attack can be executed remotely. The exploit has been published and may be used. Upgrading to version 2025.8.0 is sufficient to resolve this issue. It is advisable to upgrade the affected component.
Severity
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.325817 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.325817 | signaturepermissions-required |
| https://vuldb.com/?submit.652282 | third-party-advisory |
| https://github.com/lfparizzi/CVE-Sistemas_Pleno/t… | related |
| https://github.com/lfparizzi/CVE-Sistemas_Pleno/t… | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Sistemas Pleno | Gestão de Locação |
Affected:
2025.0
Affected: 2025.1 Affected: 2025.2 Affected: 2025.3 Affected: 2025.4 Affected: 2025.5 Affected: 2025.6 Affected: 2025.7 Unaffected: 2025.8.0 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10947",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-25T13:14:30.582453Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-25T13:14:33.199Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/lfparizzi/CVE-Sistemas_Pleno/tree/main"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/lfparizzi/CVE-Sistemas_Pleno/tree/main?tab=readme-ov-file#-proofs"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"CPF Handler"
],
"product": "Gest\u00e3o de Loca\u00e7\u00e3o",
"vendor": "Sistemas Pleno",
"versions": [
{
"status": "affected",
"version": "2025.0"
},
{
"status": "affected",
"version": "2025.1"
},
{
"status": "affected",
"version": "2025.2"
},
{
"status": "affected",
"version": "2025.3"
},
{
"status": "affected",
"version": "2025.4"
},
{
"status": "affected",
"version": "2025.5"
},
{
"status": "affected",
"version": "2025.6"
},
{
"status": "affected",
"version": "2025.7"
},
{
"status": "unaffected",
"version": "2025.8.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Syrtain (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw has been found in Sistemas Pleno Gest\u00e3o de Loca\u00e7\u00e3o up to 2025.7.x. The impacted element is an unknown function of the file /api/areacliente/pessoa/validarCpf of the component CPF Handler. Executing a manipulation of the argument pes_cpf can lead to authorization bypass. The attack can be executed remotely. The exploit has been published and may be used. Upgrading to version 2025.8.0 is sufficient to resolve this issue. It is advisable to upgrade the affected component."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "Authorization Bypass",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-25T12:30:18.684Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-325817 | Sistemas Pleno Gest\u00e3o de Loca\u00e7\u00e3o CPF validarCpf authorization",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.325817"
},
{
"name": "VDB-325817 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.325817"
},
{
"name": "Submit #652282 | Sistemas Pleno Gest\u00e3o de Loca\u00e7\u00e3o Prior to 2025.8.0 Insecure Direct Object Reference (IDOR)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.652282"
},
{
"tags": [
"related"
],
"url": "https://github.com/lfparizzi/CVE-Sistemas_Pleno/tree/main"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/lfparizzi/CVE-Sistemas_Pleno/tree/main?tab=readme-ov-file#-proofs"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-09-25T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-09-25T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-09-26T17:12:17.000Z",
"value": "VulDB entry last update"
}
],
"title": "Sistemas Pleno Gest\u00e3o de Loca\u00e7\u00e3o CPF validarCpf authorization"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-10947",
"datePublished": "2025-09-25T13:02:09.244Z",
"dateReserved": "2025-09-25T06:01:51.197Z",
"dateUpdated": "2026-03-25T12:30:18.684Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}