Search criteria
2 vulnerabilities by Grupo Castilla
CVE-2025-12461 (GCVE-0-2025-12461)
Vulnerability from cvelistv5 – Published: 2025-10-29 10:51 – Updated: 2025-10-29 13:33
VLAI?
Title
Unprotected access to parts of the application in Epsilon RH by Grupo Castilla
Summary
This vulnerability allows an attacker to access parts of the application that are not protected by any type of access control. The attacker could access this path ‘…/epsilonnet/License/About.aspx’ and obtain information on both the licence and the configuration of the product by knowing which modules are installed.
Severity ?
CWE
- CWE-522 - Insufficiently Protected Credentials
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Grupo Castilla | Epsilon RH |
Affected:
3.03.36.0185
|
Credits
Oscar Atienza
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12461",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-29T13:33:16.866056Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-29T13:33:58.079Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Epsilon RH",
"vendor": "Grupo Castilla",
"versions": [
{
"status": "affected",
"version": "3.03.36.0185"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:grupo_castilla:epsilon_rh:3.03.36.0185:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Oscar Atienza"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This vulnerability allows an attacker to access parts of the application that are not protected by any type of access control. The attacker could access this path \u2018\u2026/epsilonnet/License/About.aspx\u2019 and obtain information on both the licence and the configuration of the product by knowing which modules are installed."
}
],
"value": "This vulnerability allows an attacker to access parts of the application that are not protected by any type of access control. The attacker could access this path \u2018\u2026/epsilonnet/License/About.aspx\u2019 and obtain information on both the licence and the configuration of the product by knowing which modules are installed."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522 Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-29T10:51:36.915Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/unprotected-access-parts-application-epsilon-rh-grupo-castilla"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update the product to v3.03.36.0186 or higher."
}
],
"value": "Update the product to v3.03.36.0186 or higher."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unprotected access to parts of the application in Epsilon RH by Grupo Castilla",
"x_generator": {
"engine": "Vulnogram 0.4.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2025-12461",
"datePublished": "2025-10-29T10:51:36.915Z",
"dateReserved": "2025-10-29T10:23:47.181Z",
"dateUpdated": "2025-10-29T13:33:58.079Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-41028 (GCVE-0-2025-41028)
Vulnerability from cvelistv5 – Published: 2025-10-20 09:00 – Updated: 2025-10-20 12:42
VLAI?
Title
SQL injection in Epsilon RH
Summary
A SQL Injection vulnerability has been found in Epsilon RH by Grupo Castilla. This vulnerability allows an attacker to retrieve, create, update and delete database via sending a POST request using the parameter ‘sEstadoUsr’ in ‘/epsilonnetws/WSAvisos.asmx’.
Severity ?
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Grupo Castilla | Epsilon RH |
Affected:
3.03.36.010
|
Credits
Pedro Gabaldón Juliá
Javier Medina Munuera
Antonio José Gálvez Sánchez
Alejandro Baño Andrés
Álvaro Piñero Laorden
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41028",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-20T12:22:12.350662Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-20T12:42:02.576Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Epsilon RH",
"vendor": "Grupo Castilla",
"versions": [
{
"status": "affected",
"version": "3.03.36.010"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Pedro Gabald\u00f3n Juli\u00e1"
},
{
"lang": "en",
"type": "finder",
"value": "Javier Medina Munuera"
},
{
"lang": "en",
"type": "finder",
"value": "Antonio Jos\u00e9 G\u00e1lvez S\u00e1nchez"
},
{
"lang": "en",
"type": "finder",
"value": "Alejandro Ba\u00f1o Andr\u00e9s"
},
{
"lang": "en",
"type": "finder",
"value": "\u00c1lvaro Pi\u00f1ero Laorden"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL Injection vulnerability has been found in Epsilon RH by Grupo Castilla. This vulnerability allows an attacker to retrieve, create, update and delete database via sending a POST request using the parameter \u2018sEstadoUsr\u2019 in \u2018/epsilonnetws/WSAvisos.asmx\u2019.\u003cbr\u003e"
}
],
"value": "A SQL Injection vulnerability has been found in Epsilon RH by Grupo Castilla. This vulnerability allows an attacker to retrieve, create, update and delete database via sending a POST request using the parameter \u2018sEstadoUsr\u2019 in \u2018/epsilonnetws/WSAvisos.asmx\u2019."
}
],
"impacts": [
{
"capecId": "CAPEC-108",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-108 Command Line Execution through SQL Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-20T12:26:43.255Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/sql-injection-epsilon-rh"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "SQL injection in Epsilon RH",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2025-41028",
"datePublished": "2025-10-20T09:00:59.562Z",
"dateReserved": "2025-04-16T09:09:26.929Z",
"dateUpdated": "2025-10-20T12:42:02.576Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}