Skip to main content

Dm Corporative Cms CVE-2025-40659

| EUVDEUVD-2025-17650 HIGH
Authorization Bypass Through User-Controlled Key (CWE-639)
2025-06-10 cve-coordination@incibe.es
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

6
Analysis Updated
Apr 16, 2026 - 06:43 EUVD-patch-fix
executive_summary
Re-analysis Queued
Apr 16, 2026 - 05:29 backfill_euvd_patch
patch_released
Patch available
Apr 16, 2026 - 05:29 EUVD
2025.01
EUVD ID Assigned
Mar 14, 2026 - 19:49 euvd
EUVD-2025-17650
Analysis Generated
Mar 14, 2026 - 19:49 vuln.today
CVE Published
Jun 10, 2025 - 10:15 nvd
HIGH 7.5

DescriptionCVE.org

An Insecure Direct Object Reference (IDOR) vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area setting the option parameter equal to 0, 1 or 2 in /administer/selectionnode/framesSelectionNetworks.asp.

AnalysisAI

CVE-2025-40659 is an Insecure Direct Object Reference (IDOR) vulnerability in DM Corporative CMS that allows unauthenticated attackers to bypass access controls and view the private administrative area by manipulating the 'option' parameter (values 0, 1, or 2) in the /administer/selectionnode/framesSelectionNetworks.asp endpoint. This high-severity vulnerability (CVSS 7.5) has a high confidentiality impact but does not enable data modification or service disruption. No active exploitation in the wild (KEV) or public proof-of-concept has been confirmed in available intelligence, but the vulnerability's simplicity and unauthenticated attack vector make it a significant priority for affected organizations.

Technical ContextAI

The vulnerability exists in DM Corporative CMS's administrative interface, specifically in the /administer/selectionnode/framesSelectionNetworks.asp file, which is an Active Server Pages (ASP) application component. The root cause is classified under CWE-639 (Authorization Bypass Through User-Controlled Key), a variant of authorization bypass that occurs when application logic depends on user-supplied parameters to determine access control decisions without proper server-side validation. The 'option' parameter appears to be an enumeration controlling which administrative frames or network selection views are rendered; by manipulating this parameter, attackers can access sensitive administrative functions that should require proper authentication and authorization. The vulnerability is a direct object reference vulnerability because the application directly uses client-supplied identifiers (option values 0, 1, 2) to reference backend objects or views without verifying the requesting user has legitimate access to those resources.

RemediationAI

IMMEDIATE ACTIONS: (1) Restrict network access to the /administer/ path using firewall rules, WAF, or web server configuration to allow only trusted administrative IPs. (2) Implement HTTP Basic Authentication or IP whitelisting at the web server level for all /administer/ endpoints. PATCH: Contact DM Corporative for vendor-released security patches addressing this IDOR vulnerability. Apply patches immediately upon release to all affected CMS instances. WORKAROUNDS (if patch unavailable): (3) Disable or rename the /administer/selectionnode/framesSelectionNetworks.asp file if the functionality is not required. (4) Implement a reverse proxy with request filtering to reject requests to this endpoint from unauthenticated sources. (5) Deploy a Web Application Firewall (WAF) rule blocking requests to framesSelectionNetworks.asp that do not originate from authorized administrative networks. VERIFICATION: After remediation, verify that unauthenticated requests to /administer/selectionnode/framesSelectionNetworks.asp?option=0 (or 1, 2) are denied and return HTTP 403 or redirect to login.

Share

CVE-2025-40659 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy