Skip to main content

Dm Corporative Cms CVE-2025-40658

| EUVDEUVD-2025-17651 HIGH
Authorization Bypass Through User-Controlled Key (CWE-639)
2025-06-10 cve-coordination@incibe.es
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

6
Analysis Updated
Apr 16, 2026 - 06:43 EUVD-patch-fix
executive_summary
Re-analysis Queued
Apr 16, 2026 - 05:29 backfill_euvd_patch
patch_released
Patch available
Apr 16, 2026 - 05:29 EUVD
2025.01
EUVD ID Assigned
Mar 14, 2026 - 19:49 euvd
EUVD-2025-17651
Analysis Generated
Mar 14, 2026 - 19:49 vuln.today
CVE Published
Jun 10, 2025 - 10:15 nvd
HIGH 7.5

DescriptionCVE.org

An Insecure Direct Object Reference (IDOR) vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area setting the option parameter equal to 0, 1 or 2 in /administer/selectionnode/framesSelection.asp.

AnalysisAI

CVE-2025-40658 is an Insecure Direct Object Reference (IDOR) vulnerability in DM Corporative CMS that allows unauthenticated remote attackers to bypass access controls and view private administrative areas by manipulating the 'option' parameter (values 0, 1, or 2) in the /administer/selectionnode/framesSelection.asp endpoint. The vulnerability has a CVSS 3.1 score of 7.5 (High) with high confidentiality impact, no privilege requirement, and no user interaction needed, making it a significant authentication bypass risk for affected CMS installations.

Technical ContextAI

DM Corporative CMS is a web-based content management system that implements role-based access control through administrative interfaces. The vulnerability exists in the framesSelection.asp component, which is part of the administrative selection node framework. The root cause is CWE-639 (Authorization Bypass Through User-Controlled Key), where the application fails to properly validate that the requesting user has authorization to access administrative functions before processing parameter-based selection logic. The 'option' parameter acts as a direct object reference to administrative screens or data, and the application trusts client-supplied values without server-side authorization checks. This is a classic IDOR vulnerability where predictable parameter values (0, 1, 2) directly correspond to different administrative resources, and the lack of access control (PR:N in CVSS vector) means no authentication or session validation prevents unauthorized access.

RemediationAI

Immediate actions: (1) Apply vendor patch when available—contact DM Corporative for security updates or check vendor advisory portal for CVE-2025-40658 patch release; (2) If patches are unavailable, implement network-level access controls restricting /administer/ paths to authorized IP ranges or VPN; (3) Implement Web Application Firewall (WAF) rules to block requests to /administer/selectionnode/framesSelection.asp with option parameters, or require valid session tokens; (4) Audit access logs for exploitation patterns (requests to /administer/ without corresponding authentication events); (5) Enable HTTP parameter validation and re-implement authorization checks in framesSelection.asp to verify user roles before processing option parameter; (6) Conduct code review of all parameter-based access control in the /administer/ tree to identify similar IDOR issues. Long-term: migrate to updated CMS version with proper authorization framework once patches are validated.

Share

CVE-2025-40658 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy