Description
GN4 Publishing System versions prior to 2.6 contain an insecure direct object reference (IDOR) vulnerability via the API. Authenticated requests to the API's object endpoints allow an authenticated user to request arbitrary user IDs and receive sensitive account data for those users, including the stored password and the account's security question and answer. The exposed recovery data and encrypted password may be used to reset or take over the target account.
References (4)
Core 4
Core References
Various Sources media-coverage
related
https://www.miles33.com/news/news/5955/naviga--miles-33--acquisition.html
Various Sources product
https://nne.navigacloud.com/GN4Help/gn4_introduction_to_gn4.htm
Various Sources product
https://www.miles33.com/section/14/gn4
Third Party Advisory third-party-advisory
https://www.vulncheck.com/advisories/gn4-publishing-system-idor-information-disclosure
Scores
CVSS v4
8.6
EPSS
0.0006
EPSS Percentile
18.8%
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-639
Status
published
Products (1)
Naviga Global / Miles 33/GN4 Publishing System
< 2.6
Published
Oct 24, 2025
Tracked Since
Feb 18, 2026