Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
6DescriptionCVE.org
An Insecure Direct Object Reference (IDOR) vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area setting the option parameter equal to 0, 1 or 2 in /administer/select node/data.asp?mode=catalogue&id1=1&id2=1session=&cod=1&networks=0.
AnalysisAI
CVE-2025-40660 is a security vulnerability (CVSS 7.5) that allows an attacker. High severity vulnerability requiring prompt remediation.
Technical ContextAI
CWE-639 (Authorization Bypass (IDOR)). CVSS 7.5 indicates high severity.
RemediationAI
Monitor vendor channels for patch availability.
More in Dm Corporative Cms
View allCritical unauthenticated SQL injection vulnerability in DM Corporative CMS affecting the /modules/forms/collectform.asp
Critical SQL injection vulnerability in DM Corporative CMS that allows unauthenticated remote attackers to execute arbit
Critical SQL injection vulnerability in DM Corporative CMS affecting the /antcatalogue.asp endpoint's 'name' parameter,
A critical SQL injection vulnerability (CVE-2025-40654) exists in DM Corporative CMS affecting the /antbuspre.asp endpoi
CVE-2025-40662 is an absolute path disclosure vulnerability in DM Corporative CMS that exposes sensitive filesystem info
CVE-2025-40661 is an Insecure Direct Object Reference (IDOR) vulnerability in DM Corporative CMS that allows unauthentic
CVE-2025-40659 is an Insecure Direct Object Reference (IDOR) vulnerability in DM Corporative CMS that allows unauthentic
CVE-2025-40658 is an Insecure Direct Object Reference (IDOR) vulnerability in DM Corporative CMS that allows unauthentic
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-17649