CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Description
An Insecure Direct Object Reference (IDOR) vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area by setting the option parameter to 0, 1 or 2 in /administer/selectionnode/framesSelectionNetworks.asp.
Analysis
CVE-2025-40659 is an Insecure Direct Object Reference (IDOR) vulnerability in DM Corporative CMS that allows unauthenticated attackers to bypass access controls and view the private administrative area by manipulating the 'option' parameter (values 0, 1, or 2) in the /administer/selectionnode/framesSelectionNetworks.asp endpoint. This high-severity vulnerability (CVSS 7.5) has a high confidentiality impact but does not enable data modification or service disruption. No active exploitation in the wild (KEV) or public proof-of-concept has been confirmed in available intelligence, but the vulnerability's simplicity and unauthenticated attack vector make it a significant priority for affected organizations.
Technical Context
The vulnerability exists in DM Corporative CMS's administrative interface, specifically in the /administer/selectionnode/framesSelectionNetworks.asp file, which is an Active Server Pages (ASP) application component. The root cause is classified under CWE-639 (Authorization Bypass Through User-Controlled Key), a variant of authorization bypass that occurs when application logic relies on user-supplied parameters to make access control decisions without proper server-side validation. The 'option' parameter appears to be an enumeration controlling which administrative frames or network selection views are rendered; by manipulating this parameter, attackers can access sensitive administrative functions that should require proper authentication and authorization. It is a direct object reference issue because the application uses client-supplied identifiers (option values 0, 1, 2) to reference backend objects or views without verifying that the requesting user has legitimate access to those resources.
Affected Products
DM Corporative CMS (all versions not explicitly patched). Based on the vulnerability description referencing ASP-based endpoints, the affected platform is DM Corporative CMS running on Windows/IIS infrastructure. Specific CPE would be: cpe:2.3:a:dm_corporative:dm_corporative_cms:*:*:*:*:*:*:*:* (version unspecified in available data). The vulnerable endpoint /administer/selectionnode/framesSelectionNetworks.asp indicates the administrative module is exposed. Organizations with publicly accessible DM Corporative CMS instances or those with network exposure to untrusted users are at highest risk. Version-specific patch information should be obtained from the DM Corporative vendor advisory or security bulletin.
Remediation
IMMEDIATE ACTIONS:
(1) Restrict network access to the /administer/ path using firewall rules, WAF, or web server configuration to allow only trusted administrative IPs.
(2) Implement HTTP Basic Authentication or IP whitelisting at the web server level for all /administer/ endpoints.
PATCH:
Contact DM Corporative for vendor-released security patches addressing this IDOR vulnerability. Apply patches immediately upon release to all affected CMS instances.
WORKAROUNDS (if patch unavailable):
(3) Disable or rename the /administer/selectionnode/framesSelectionNetworks.asp file if the functionality is not required.
(4) Implement a reverse proxy with request filtering to reject requests to this endpoint from unauthenticated sources.
(5) Deploy a Web Application Firewall (WAF) rule blocking requests to framesSelectionNetworks.asp that do not originate from authorized administrative networks.
VERIFICATION:
After remediation, verify that unauthenticated requests to /administer/selectionnode/framesSelectionNetworks.asp?option=0 (or 1, 2) are denied and return HTTP 403 or redirect to login.
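The verification step can also be checked from the server side by reviewing IIS logs for requests to this endpoint that were served rather than denied. The following is an added example, not part of the advisory or any vendor tooling: it parses W3C-format log text and reports requests with option 0, 1 or 2 that came from outside the administrative networks and were not denied. The admin network range, the sample log lines and the treatment of 401 (from the Basic Authentication option) as a denial are assumptions.

```python
import ipaddress
from urllib.parse import parse_qs

ENDPOINT = "/administer/selectionnode/framesselectionnetworks.asp"
OPTION_VALUES = {"0", "1", "2"}
# Assumption: networks allowed to reach /administer/ (constructed example range).
ADMIN_NETS = [ipaddress.ip_network("10.20.0.0/24")]
# 403 or a redirect to login per the verification step; 401 assumed for Basic Auth.
DENIED = {"401", "403", "301", "302", "303", "307", "308"}

# Constructed IIS W3C sample log, not taken from a real server.
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2025-06-10 09:14:02 GET /administer/selectionnode/framesSelectionNetworks.asp option=0 203.0.113.7 200
2025-06-10 09:14:05 GET /administer/selectionnode/framesSelectionNetworks.asp option=2 203.0.113.7 403
2025-06-10 09:15:40 GET /administer/selectionnode/framesSelectionNetworks.asp option=1 10.20.0.15 200
2025-06-10 09:16:11 GET /administer/selectionnode/FRAMESSELECTIONNETWORKS.ASP option=1&x=1 198.51.100.9 200
2025-06-10 09:17:00 GET /index.asp - 198.51.100.9 200
2025-06-10 09:18:30 GET /administer/selectionnode/framesSelectionNetworks.asp option=2 198.51.100.9 302
"""

def is_admin(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ADMIN_NETS)

def find_exposures(log_text):
    """Return (timestamp, client_ip, option) for requests served to untrusted IPs."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names for the rows that follow
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        if row.get("cs-uri-stem", "").lower() != ENDPOINT:  # IIS paths are case-insensitive
            continue
        matched = OPTION_VALUES.intersection(parse_qs(row.get("cs-uri-query", "")).get("option", []))
        if not matched:
            continue
        denied = row.get("sc-status") in DENIED
        if not denied and not is_admin(row["c-ip"]):
            hits.append((f'{row["date"]} {row["time"]}', row["c-ip"], sorted(matched)[0]))
    return hits

if __name__ == "__main__":
    for hit in find_exposures(SAMPLE_LOG):
        print("served to untrusted client:", *hit)
```

Any hit after remediation means the access restriction is not taking effect for that client; hits dated before remediation indicate the private area may already have been viewed.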
EUVD-2025-17650