How to fix CVE-2025-41078?

Within 7 days: Identify all affected systems running the authorization mechanisms of Viafirma Documents and apply vendor patches promptly. Monitor vendor channels for patch availability.

Is Documents affected by CVE-2025-41078?

Organizations using the authorization mechanisms of Viafirma Documents face notable risk from CVE-2025-41078, a incorrect authorization vulnerability rated CVSS 8.1. Attackers could bypass security controls to gain unauthorized access to protected resources and sensitive data.

CVE-2025-41078

HIGH

2026-01-12 [email protected]

Authentication Bypass Documents Documents Compose

8.1

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

CVE Published

Jan 12, 2026 - 15:16 nvd

HIGH 8.1

DescriptionNVD

Weaknesses in the authorization mechanisms of Viafirma Documents v3.7.129 allow an authenticated user without privileges to list and access other user data, use user creation, modification, and deletion features, and escalate privileges by impersonating other users of the application in the generation and signing of documents.

AnalysisAI

Technical ContextAI

Classified as CWE-863 (Incorrect Authorization). Affects Documents. Weaknesses in the authorization mechanisms of Viafirma Documents v3.7.129 allow an authenticated user without privileges to list and access other user data, use user creation, modification, and deletion features, and escalate privileges by impersonating other users of the application in the generation and signing of documents.

RemediationAI

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

CVE-2025-41078 vulnerability details – vuln.today

Back