← back
CVE-2025-4762

Insecure Direct Object Reference (IDOR) vulnerability in eSignaViewer

CVSS 2 LOWEPSS 0.3%CWE-20
Vexday Risk Score
8Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 2EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
15 May 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Insecure Direct Object Reference (IDOR) vulnerability in the eSignaViewer component in eSigna product versions 1.0 to 1.5 on all platforms allow an unauthenticated attacker to access arbitrary files in the document system via manipulation of file paths and object identifiers.
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
Affected products
Lleidanet PKI · eSigna