Which versions of E4 Sistemas Mercatus ERP are affected by CVE-2025-9619?

Organizations using A security flaw should be aware of notable risk from CVE-2025-9619 rated CVSS 6.9. Exploitation could compromise the security of affected deployments.

How to fix or mitigate CVE-2025-9619?

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

E4 Sistemas Mercatus ERP CVE-2025-9619

Q: What is the CVSS score of CVE-2025-9619?

CVE-2025-9619 has a CVSS 4.0 base score of 6.9 (Medium). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

MEDIUM

Improper Control of Resource Identifiers ('Resource Injection') (CWE-99)

2025-08-29 cna@vuldb.com

Information Disclosure

6.9

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Analysis Generated

Mar 28, 2026 - 19:09 vuln.today

CVE Published

Aug 29, 2025 - 04:16 nvd

MEDIUM 6.9

DescriptionNVD

A security flaw has been discovered in E4 Sistemas Mercatus ERP 2.00.019. The affected element is an unknown function of the file /basico/webservice/imprimir-danfe/id/. Performing manipulation results in improper control of resource identifiers. It is possible to initiate the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

A security flaw has been discovered in E4 Sistemas Mercatus ERP 2.00.019. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-99. A security flaw has been discovered in E4 Sistemas Mercatus ERP 2.00.019. The affected element is an unknown function of the file /basico/webservice/imprimir-danfe/id/. Performing manipulation results in improper control of resource identifiers. It is possible to initiate the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way.

Affected ProductsAI

E4 Sistemas Mercatus ERP 2.00.019. The affected element.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2025-9619 vulnerability details – vuln.today

Back

E4 Sistemas Mercatus ERP CVE-2025-9619

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

Affected ProductsAI

RemediationAI

Share

E4 Sistemas Mercatus ERP CVE-2025-9619

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

Affected ProductsAI

RemediationAI

Share

External POC / Exploit Code