CVE-2025-40667 (GCVE-0-2025-40667)

Vulnerability from cvelistv5 – Published: 2025-05-26 12:49 – Updated: 2025-05-27 14:15
VLAI?
Summary
Missing authorization vulnerability in TCMAN's GIM v11. This allows an authenticated attacker to access any functionality of the application even when they are not available through the user interface. To exploit the vulnerability the attacker must modify the HTTP code of the response from ‘302 Found’ to ‘200 OK’, as well as the hidden fields hdnReadOnly and hdnUserLogin.
Severity ?
8.7 (High)
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
CWE
Assigner
References
Impacted products
Vendor Product Version
TCMAN GIM Affected: 11
Create a notification for this product.
Credits
Carlos Aguadé
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-40667",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-27T14:15:16.898546Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-27T14:15:27.673Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "GIM",
          "vendor": "TCMAN",
          "versions": [
            {
              "status": "affected",
              "version": "11"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Carlos Aguad\u00e9"
        }
      ],
      "datePublic": "2025-05-26T10:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Missing authorization vulnerability in TCMAN\u0027s GIM v11. This allows an authenticated attacker to access any functionality of the application even when they are not available through the user interface. To exploit the vulnerability the attacker must modify the HTTP code of the response from \u2018302 Found\u2019 to \u2018200 OK\u2019, as well as the hidden fields hdnReadOnly and hdnUserLogin."
            }
          ],
          "value": "Missing authorization vulnerability in TCMAN\u0027s GIM v11. This allows an authenticated attacker to access any functionality of the application even when they are not available through the user interface. To exploit the vulnerability the attacker must modify the HTTP code of the response from \u2018302 Found\u2019 to \u2018200 OK\u2019, as well as the hidden fields hdnReadOnly and hdnUserLogin."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "CWE-862 Missing Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-26T12:49:49.315Z",
        "orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
        "shortName": "INCIBE"
      },
      "references": [
        {
          "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-tcman-gim-0"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The vulnerability has been fixed by the TCMAN team in the 20241112 release."
            }
          ],
          "value": "The vulnerability has been fixed by the TCMAN team in the 20241112 release."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Missing authorization vulnerability in TCMAN GIM v11",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
    "assignerShortName": "INCIBE",
    "cveId": "CVE-2025-40667",
    "datePublished": "2025-05-26T12:49:49.315Z",
    "dateReserved": "2025-04-16T08:38:14.998Z",
    "dateUpdated": "2025-05-27T14:15:27.673Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-40667\",\"sourceIdentifier\":\"cve-coordination@incibe.es\",\"published\":\"2025-05-26T13:15:20.597\",\"lastModified\":\"2025-10-10T20:14:38.443\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Missing authorization vulnerability in TCMAN\u0027s GIM v11. This allows an authenticated attacker to access any functionality of the application even when they are not available through the user interface. To exploit the vulnerability the attacker must modify the HTTP code of the response from \u2018302 Found\u2019 to \u2018200 OK\u2019, as well as the hidden fields hdnReadOnly and hdnUserLogin.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de autorizaci\u00f3n faltante en GIM v11 de TCMAN. Esto permite a un atacante autenticado acceder a cualquier funcionalidad de la aplicaci\u00f3n, incluso si no est\u00e1 disponible a trav\u00e9s de la interfaz de usuario. Para explotar esta vulnerabilidad, el atacante debe modificar el c\u00f3digo HTTP de la respuesta de \\\"302 Found\\\" a \\\"200 OK\\\", as\u00ed como los campos ocultos hdnReadOnly y hdnUserLogin.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"cve-coordination@incibe.es\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":8.7,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"LOW\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"cve-coordination@incibe.es\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-862\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:tcman:gim:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D6B3BFF6-FD8C-4E8F-8D81-96D988E03C9F\"}]}]}],\"references\":[{\"url\":\"https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-tcman-gim-0\",\"source\":\"cve-coordination@incibe.es\",\"tags\":[\"Third Party Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-40667\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-05-27T14:15:16.898546Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-05-27T14:15:23.546Z\"}}], \"cna\": {\"title\": \"Missing authorization vulnerability in TCMAN GIM v11\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Carlos Aguad\\u00e9\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 8.7, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"LOW\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"LOW\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"HIGH\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"TCMAN\", \"product\": \"GIM\", \"versions\": [{\"status\": \"affected\", \"version\": \"11\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"The vulnerability has been fixed by the TCMAN team in the 20241112 release.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"The vulnerability has been fixed by the TCMAN team in the 20241112 release.\", \"base64\": false}]}], \"datePublic\": \"2025-05-26T10:00:00.000Z\", \"references\": [{\"url\": \"https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-tcman-gim-0\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Missing authorization vulnerability in TCMAN\u0027s GIM v11. This allows an authenticated attacker to access any functionality of the application even when they are not available through the user interface. To exploit the vulnerability the attacker must modify the HTTP code of the response from \\u2018302 Found\\u2019 to \\u2018200 OK\\u2019, as well as the hidden fields hdnReadOnly and hdnUserLogin.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Missing authorization vulnerability in TCMAN\u0027s GIM v11. This allows an authenticated attacker to access any functionality of the application even when they are not available through the user interface. To exploit the vulnerability the attacker must modify the HTTP code of the response from \\u2018302 Found\\u2019 to \\u2018200 OK\\u2019, as well as the hidden fields hdnReadOnly and hdnUserLogin.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-862\", \"description\": \"CWE-862 Missing Authorization\"}]}], \"providerMetadata\": {\"orgId\": \"0cbda920-cd7f-484a-8e76-bf7f4b7f4516\", \"shortName\": \"INCIBE\", \"dateUpdated\": \"2025-05-26T12:49:49.315Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-40667\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-27T14:15:27.673Z\", \"dateReserved\": \"2025-04-16T08:38:14.998Z\", \"assignerOrgId\": \"0cbda920-cd7f-484a-8e76-bf7f4b7f4516\", \"datePublished\": \"2025-05-26T12:49:49.315Z\", \"assignerShortName\": \"INCIBE\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.