CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Description
Incorrect authorization vulnerability in TCMAN's GIM v11. This vulnerability allows an unprivileged attacker to create a user and assign it many privileges by sending a POST request to /PC/frmGestionUser.aspx/updateUser.
Analysis
CVE-2025-40670 is an incorrect authorization vulnerability in TCMAN's GIM (Gestion Integrada de Mantenimiento) v11 that allows an authenticated but unprivileged attacker to escalate privileges by creating new users with elevated permissions through an insecure API endpoint. An attacker with valid (low-privilege) credentials can POST to /PC/frmGestionUser.aspx/updateUser to arbitrarily assign administrative or other high-privilege roles to newly created accounts, resulting in complete system compromise. This vulnerability represents a critical privilege escalation risk in maintenance management systems, potentially affecting industrial and critical infrastructure environments that rely on TCMAN for asset management.
Technical Context
The vulnerability exists in TCMAN GIM v11's user management API endpoint (/PC/frmGestionUser.aspx/updateUser), whose updateUser POST handler implements insufficient authorization checks. The root cause is classified as CWE-863 (Incorrect Authorization), indicating that the application fails to enforce role-based access control (RBAC) or attribute-based access control (ABAC) when processing user privilege assignment requests. Rather than validating that the requesting user has administrative authority to modify user roles or create privileged accounts, the endpoint accepts and processes privilege escalation requests from any authenticated user. The ASP.NET-based endpoint architecture (indicated by the .aspx extension) suggests a legacy or traditionally architected web application that lacks a modern authorization framework. The vulnerability most likely stems from a missing authorization check between authentication (proving who you are) and authorization (verifying what you are allowed to do), a common pattern in CWE-863 vulnerabilities, where an authenticated session is assumed to carry a consistent privilege level across all endpoints.
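As an added illustration (not TCMAN's code, which this page does not show), the CWE-863 pattern described above written as an ASP.NET Web Forms page method, the mechanism behind Page.aspx/MethodName URLs: the handler that only relies on the page's login requirement beside a hardened version that authorizes the caller on every request. The request shape, the "Administrator" role name and the in-memory user store are assumptions.

```csharp
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Services;
using System.Web.UI;
// Hypothetical code-behind for a user-management page; illustrative, not TCMAN's code.
public partial class frmGestionUser : Page
{
    // Assumed shape of the JSON body posted to frmGestionUser.aspx/updateUser.
    public class UpdateUserRequest
    {
        public string UserName { get; set; }
        public string[] Roles { get; set; }
    }

    // Assumed in-memory stand-in for the application's real user/role store.
    private static readonly Dictionary<string, string[]> Users = new Dictionary<string, string[]>();

    // VULNERABLE pattern (CWE-863): the page requires a login, so every authenticated user
    // reaches this method, but nothing checks that the CALLER may assign roles.
    [WebMethod]
    public static string updateUser_Vulnerable(UpdateUserRequest req)
    {
        Users[req.UserName] = req.Roles ?? new string[0];
        return "ok";
    }

    // HARDENED pattern: authorize the caller for this action on every request, and never
    // let a caller grant a role they do not hold themselves.
    [WebMethod]
    public static string updateUser(UpdateUserRequest req)
    {
        var caller = HttpContext.Current.User;
        if (caller == null || !caller.Identity.IsAuthenticated)
            throw new HttpException(401, "Authentication required");
        if (!caller.IsInRole("Administrator"))   // role name is an assumption
            throw new HttpException(403, "Not authorized to manage users");

        var requested = req.Roles ?? new string[0];
        var notHeld = requested.Where(r => !caller.IsInRole(r)).ToArray();
        if (notHeld.Length > 0)
            throw new HttpException(403, "Cannot grant roles the caller does not hold: " + string.Join(",", notHeld));
        Users[req.UserName] = requested;
        // Record who changed whom, giving the account audit in the Remediation section something to query.
        System.Diagnostics.Trace.TraceInformation("updateUser by {0}: {1} -> [{2}]",
            caller.Identity.Name, req.UserName, string.Join(",", requested));
        return "ok";
    }
}
```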
Affected Products
TCMAN GIM (Gestion Integrada de Mantenimiento) version 11. The vulnerability is specific to v11; the status of earlier or later versions is not indicated in the available data. The affected endpoint is /PC/frmGestionUser.aspx/updateUser, suggesting a web-based application module. No specific CPE string was provided in the source data, but the product would map to a CPE of approximately cpe:2.3:a:tcman:gim:11:*:*:*:*:*:*:* (pending official CPE publication). The application appears to be an ASP.NET-based system (Windows/.NET stack) used for maintenance and asset management. No vendor advisory links were included in the provided references; these should be sourced directly from TCMAN/vendor security advisories or the NIST National Vulnerability Database (NVD).
Remediation
Immediate actions:
(1) PATCH: Update TCMAN GIM to a patched version released by the vendor (version number to be confirmed from the official TCMAN security advisory); check the vendor website or contact support for available patches.
(2) TEMPORARY MITIGATION (if patching is delayed): Implement network-level access controls that restrict access to /PC/frmGestionUser.aspx endpoints to authorized administrative networks only, using WAF or reverse-proxy rules to block POST requests to updateUser from non-administrative sources.
(3) ACCESS CONTROL REVIEW: Audit all user accounts created or modified while the system was unpatched to identify any unauthorized privilege escalations; remove illegitimate accounts or reset compromised privileges.
(4) MONITORING: Implement logging and alerting on updateUser POST requests, particularly those that assign high-privilege roles; monitor for rapid user creation or privilege changes.
(5) LEAST PRIVILEGE ENFORCEMENT: Review and enforce the principle of least privilege in TCMAN user roles to minimize the impact of future authorization flaws.
No specific patch version number was provided; consult TCMAN's official security portal, vendor advisories, or contact [email protected] (if applicable) for patch availability and version numbers.
EUVD-2025-17456