CVE-2025-4762
LOW
eSigna 1.0-1.5 - Unauthenticated Insecure Direct Object Reference and Path Traversal via eSignaViewer
Title source: llm
Description
Insecure Direct Object Reference (IDOR) vulnerability in the eSignaViewer component in eSigna product versions 1.0 to 1.5 on all platforms allows an unauthenticated attacker to access arbitrary files in the document system via manipulation of file paths and object identifiers.
Scores
CVSS v4
2.0
EPSS
0.0027
EPSS Percentile
18.7%
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-20
Status
published
Products (9)
Lleidanet PKI/eSigna 1.3.2
Lleidanet PKI/eSigna 1.4.4
Lleidanet PKI/eSigna 4.0.4
Lleidanet PKI/eSigna 4.1.4
Lleidanet PKI/eSigna 5.0.2
Lleidanet PKI/eSigna 5.1.2
Lleidanet PKI/eSigna 5.2.4
Lleidanet PKI/eSigna 5.3.3
Lleidanet PKI/eSigna 5.4.1
Published
May 15, 2025
Tracked Since
Feb 18, 2026