CVE-2025-65742

HIGH

Newgen OmniDocs v11.0 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-65742. PoCs published by CBx216.

AI-analyzed exploit summary This repository contains documentation and PoC references for multiple CVEs in Newgen Software products, including CVE-2025-65742, which involves a Broken Function Level Authorization (BFLA) vulnerability in Newgen OmniDocs LDAP Admin. No exploit code is provided, only a README with CVE details and researcher information.

Description

An unauthenticated Broken Function Level Authorization (BFLA) vulnerability in Newgen OmniDocs v11.0 allows attackers to obtain sensitive information and execute a full account takeover via a crafted API request.

Exploits (1)

nomisec WRITEUP
by CBx216 · poc
https://github.com/CBx216/CVE-Newgen-Software-Advisories

This repository contains documentation and PoC references for multiple CVEs in Newgen Software products, including CVE-2025-65742, which involves a Broken Function Level Authorization (BFLA) vulnerability in Newgen OmniDocs LDAP Admin. No exploit code is provided, only a README with CVE details and researcher information.

Classification
Writeup 90%
Attack Type
Auth Bypass
Complexity
Theoretical
Reliability
Theoretical
Target: Newgen OmniDocs (version not specified)
No auth needed
Prerequisites: Access to the vulnerable Newgen OmniDocs LDAP Admin interface
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Scores

CVSS v3 8.2
EPSS 0.0026
EPSS Percentile 16.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-862
Status published
Products (1)
newgensoft/omnidocs 11.0
Published Dec 15, 2025
Tracked Since Feb 18, 2026