CVE-2025-10947

Sažetak

A flaw has been found in Sistemas Pleno Gestão de Locação up to 2025.7.x. The impacted element is an unknown function of the file /api/areacliente/pessoa/validarCpf of the component CPF Handler. Executing a manipulation of the argument pes_cpf can lead to authorization bypass. The attack can be executed remotely. The exploit has been published and may be used. Upgrading to version 2025.8.0 is sufficient to resolve this issue. It is advisable to upgrade the affected component.

Reference

https://github.com/lfparizzi/CVE-Sistemas_Pleno/tree/main
https://github.com/lfparizzi/CVE-Sistemas_Pleno/tree/main?tab=readme-ov-file#-proofs
https://vuldb.com/?ctiid.325817
https://vuldb.com/?id.325817
https://vuldb.com/?submit.652282
https://github.com/lfparizzi/CVE-Sistemas_Pleno/tree/main
https://github.com/lfparizzi/CVE-Sistemas_Pleno/tree/main?tab=readme-ov-file#-proofs

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

25-03-2026 - 13:16

Objavljeno

25-09-2025 - 13:15