CVE-2025-40661

HIGH

DM Corporative CMS < 2025.01 - Insecure Direct Object Reference via option Parameter

Title source: llm
STIX 2.1

Description

An Insecure Direct Object Reference (IDOR) vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area setting the option parameter equal to 0, 1 or 2 in /administer/selectionnode/selection.asp.

References (1)

Core 1

Scores

CVSS v3 7.5
EPSS 0.0028
EPSS Percentile 19.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-639
Status published
Products (1)
acc/dm_corporative_cms < 2025.01
Published Jun 10, 2025
Tracked Since Feb 18, 2026