CVE ID : CVE-2025-40668
Published : June 9, 2025, 1:15 p.m. | 2 hours, 26 minutes ago
Description : Incorrect authorization vulnerability in TCMAN’s GIM v11. This vulnerability allows an attacker, with low privilege level, to change the password of other users through a POST request using the parameters idUser, PasswordActual, PasswordNew and PasswordNewRepeat in /PC/WebService.aspx/validateChangePassword%C3%B1a. To exploit the vulnerability the PasswordActual parameter must be empty.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
Source: Read More