Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
1 vulnerability
CVE-2025-4762 (GCVE-0-2025-4762)
Vulnerability from cvelistv5 – Published: 2025-05-15 11:49 – Updated: 2025-05-15 13:28
VLAI
Title
Insecure Direct Object Reference (IDOR) vulnerability in eSignaViewer
Summary
Insecure Direct Object Reference (IDOR) vulnerability in the eSignaViewer component in eSigna product versions 1.0 to 1.5 on all platforms allow an unauthenticated attacker to access arbitrary files in the document system via manipulation of file paths and object identifiers.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Lleidanet PKI | eSigna |
Unaffected:
1.3.2
Unaffected: 1.4.4 Unaffected: 4.0.4 Unaffected: 4.1.4 Unaffected: 5.0.2 Unaffected: 5.1.2 Unaffected: 5.2.4 Unaffected: 5.3.3 Unaffected: 5.4.1 |
Date Public
2024-12-03 12:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4762",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-15T13:26:47.028851Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-15T13:28:18.267Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"packageName": "eSignaViewer",
"product": "eSigna",
"vendor": "Lleidanet PKI",
"versions": [
{
"status": "unaffected",
"version": "1.3.2"
},
{
"status": "unaffected",
"version": "1.4.4"
},
{
"status": "unaffected",
"version": "4.0.4"
},
{
"status": "unaffected",
"version": "4.1.4"
},
{
"status": "unaffected",
"version": "5.0.2"
},
{
"status": "unaffected",
"version": "5.1.2"
},
{
"status": "unaffected",
"version": "5.2.4"
},
{
"status": "unaffected",
"version": "5.3.3"
},
{
"status": "unaffected",
"version": "5.4.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Pablo Alcarria Lozano"
}
],
"datePublic": "2024-12-03T12:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insecure Direct Object Reference (IDOR) vulnerability in the eSignaViewer component in eSigna product versions 1.0 to 1.5 on all platforms allow an unauthenticated attacker to access arbitrary files in the document system via manipulation of file paths and object identifiers."
}
],
"value": "Insecure Direct Object Reference (IDOR) vulnerability in the eSignaViewer component in eSigna product versions 1.0 to 1.5 on all platforms allow an unauthenticated attacker to access arbitrary files in the document system via manipulation of file paths and object identifiers."
}
],
"impacts": [
{
"capecId": "CAPEC-122",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-122: Insecure Direct Object Reference"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 2,
"baseSeverity": "LOW",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-15T11:50:05.461Z",
"orgId": "8ca67973-55d1-4246-bb7c-ce7e65ad8782",
"shortName": "Edgewatch"
},
"references": [
{
"url": "https://edgewatch.com/vulnerability-advisories/path-traversal-and-idor-vulnerabilities-in-esignaviewer-allow-unauthorized-file-access/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Users should immediately upgrade to the corresponding fixed version to eliminate these vulnerabilities and protect sensitive data from unauthorized access."
}
],
"value": "Users should immediately upgrade to the corresponding fixed version to eliminate these vulnerabilities and protect sensitive data from unauthorized access."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Insecure Direct Object Reference (IDOR) vulnerability in eSignaViewer",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "8ca67973-55d1-4246-bb7c-ce7e65ad8782",
"assignerShortName": "Edgewatch",
"cveId": "CVE-2025-4762",
"datePublished": "2025-05-15T11:49:59.054Z",
"dateReserved": "2025-05-15T11:45:21.855Z",
"dateUpdated": "2025-05-15T13:28:18.267Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}