Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
6DescriptionCVE.org
An Insecure Direct Object Reference (IDOR) vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area setting the option parameter equal to 0, 1 or 2 in /administer/selectionnode/framesSelection.asp.
AnalysisAI
CVE-2025-40658 is an Insecure Direct Object Reference (IDOR) vulnerability in DM Corporative CMS that allows unauthenticated remote attackers to bypass access controls and view private administrative areas by manipulating the 'option' parameter (values 0, 1, or 2) in the /administer/selectionnode/framesSelection.asp endpoint. The vulnerability has a CVSS 3.1 score of 7.5 (High) with high confidentiality impact, no privilege requirement, and no user interaction needed, making it a significant authentication bypass risk for affected CMS installations.
Technical ContextAI
DM Corporative CMS is a web-based content management system that implements role-based access control through administrative interfaces. The vulnerability exists in the framesSelection.asp component, which is part of the administrative selection node framework. The root cause is CWE-639 (Authorization Bypass Through User-Controlled Key), where the application fails to properly validate that the requesting user has authorization to access administrative functions before processing parameter-based selection logic. The 'option' parameter acts as a direct object reference to administrative screens or data, and the application trusts client-supplied values without server-side authorization checks. This is a classic IDOR vulnerability where predictable parameter values (0, 1, 2) directly correspond to different administrative resources, and the lack of access control (PR:N in CVSS vector) means no authentication or session validation prevents unauthorized access.
RemediationAI
Immediate actions: (1) Apply vendor patch when available—contact DM Corporative for security updates or check vendor advisory portal for CVE-2025-40658 patch release; (2) If patches are unavailable, implement network-level access controls restricting /administer/ paths to authorized IP ranges or VPN; (3) Implement Web Application Firewall (WAF) rules to block requests to /administer/selectionnode/framesSelection.asp with option parameters, or require valid session tokens; (4) Audit access logs for exploitation patterns (requests to /administer/ without corresponding authentication events); (5) Enable HTTP parameter validation and re-implement authorization checks in framesSelection.asp to verify user roles before processing option parameter; (6) Conduct code review of all parameter-based access control in the /administer/ tree to identify similar IDOR issues. Long-term: migrate to updated CMS version with proper authorization framework once patches are validated.
More in Dm Corporative Cms
View allCritical unauthenticated SQL injection vulnerability in DM Corporative CMS affecting the /modules/forms/collectform.asp
Critical SQL injection vulnerability in DM Corporative CMS that allows unauthenticated remote attackers to execute arbit
Critical SQL injection vulnerability in DM Corporative CMS affecting the /antcatalogue.asp endpoint's 'name' parameter,
A critical SQL injection vulnerability (CVE-2025-40654) exists in DM Corporative CMS affecting the /antbuspre.asp endpoi
CVE-2025-40662 is an absolute path disclosure vulnerability in DM Corporative CMS that exposes sensitive filesystem info
CVE-2025-40661 is an Insecure Direct Object Reference (IDOR) vulnerability in DM Corporative CMS that allows unauthentic
CVE-2025-40660 is a security vulnerability (CVSS 7.5) that allows an attacker. High severity vulnerability requiring pro
CVE-2025-40659 is an Insecure Direct Object Reference (IDOR) vulnerability in DM Corporative CMS that allows unauthentic
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-17651