How to fix CVE-2025-40660?

Within 24 hours: Identify all instances of DM Corporative CMS in your environment and assess if they are internet-facing or accessible to untrusted networks. Within 7 days: Implement network-level access controls to restrict access to /administer paths and deploy WAF rules to block requests with suspicious option parameter values (0, 1, 2 in the affected endpoint). Within 30 days: Contact vendor for patch availability timeline; if no patch emerges, plan migration to alternative CMS solutions or maintain strict network segmentation as a permanent control.

Is Dm Corporative Cms affected by CVE-2025-40660?

A critical access control vulnerability in DM Corporative CMS allows attackers to bypass authentication and access administrative functions without proper authorization.

CVE-2025-40660

EUVD-2025-17649 HIGH

2025-06-10 [email protected]

7.5

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Lifecycle Timeline

EUVD ID Assigned

Mar 14, 2026 - 19:49 euvd

EUVD-2025-17649

Analysis Generated

Mar 14, 2026 - 19:49 vuln.today

CVE Published

Jun 10, 2025 - 10:15 nvd

HIGH 7.5

Description

An Insecure Direct Object Reference (IDOR) vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area setting the option parameter equal to 0, 1 or 2 in /administer/select node/data.asp?mode=catalogue&id1=1&id2=1session=&cod=1&networks=0.

Analysis

CVE-2025-40660 is a security vulnerability (CVSS 7.5) that allows an attacker. High severity vulnerability requiring prompt remediation.

Technical Context

CWE-639 (Authorization Bypass (IDOR)). CVSS 7.5 indicates high severity.

Affected Products

['Unspecified product']

Remediation

Monitor vendor channels for patch availability.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +38

POC: 0

CVE-2025-40660 vulnerability details – vuln.today

Back

CVE-2025-40660

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2025-40660

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code