CVE-2025-51628

HIGH

Agenzia Impresa Eccobook <v2.81.1 - IDOR

Title source: llm

Description

Insecure Direct Object Reference (IDOR) vulnerability in PdfHandler component in Agenzia Impresa Eccobook v2.81.1 and below allows unauthenticated attackers to read confidential documents via the DocumentoId parameter.

References (3)

Core 3

Core References

Various Sources

http://agenzia.com

Various Sources

http://eccobook.com

Various Sources

https://github.com/CapgeminiCisRedTeam/Disclosure/blob/main/CVE%20PoC/CVE-2025-51628%20%7C%20Eccobook.md

View Writeup ZIP pw:eip

Scores

CVSS v3 7.5

EPSS 0.0015

EPSS Percentile 35.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-639

Status published

Published Aug 05, 2025

Tracked Since Feb 18, 2026