CVE-2025-1642
Published: 25 February 2025
Description
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Security Summary
CVE-2025-1642 is a critical vulnerability in Benner ModernaNet versions up to 1.1.0, affecting unknown code in the file /AGE0000700/GetImageMedico?fooId=1. The issue stems from improper control of resource identifiers (CWE-99, NVD-CWE-Other) and is triggered by manipulating the fooId argument. It has a CVSS v3.1 base score of 4.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N), indicating medium severity with a network attack vector and low attack complexity.
A remote attacker with low privileges (PR:L) can exploit this vulnerability without user interaction. Successful exploitation allows limited disclosure of confidential information (C:L), such as unauthorized access to resources via injected identifiers, but does not impact integrity or availability.
VulDB advisories recommend upgrading to Benner ModernaNet version 1.1.1 to address the issue. Additional details are available in the referenced sources, including https://github.com/yago3008/cves, https://vuldb.com/?ctiid.296692, https://vuldb.com/?id.296692, and https://vuldb.com/?submit.499877.
Details
MITRE ATT&CK Enterprise Techniques
Why these techniques?
An IDOR vulnerability (improper control of resource identifiers) in the public-facing web endpoint /AGE0000700/GetImageMedico enables remote exploitation: by manipulating fooId, an attacker can access sensitive data (e.g., doctor images, details) without authorization.
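For defenders who cannot upgrade immediately, the following added example (not code from Benner, VulDB or the referenced sources) scans web access logs for one authenticated account retrieving many distinct fooId values from the affected endpoint in a short window. The log format (Common Log Format with the authenticated user in the third field), the thresholds and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit, parse_qs

ENDPOINT = "/AGE0000700/GetImageMedico"  # path named in the advisory
# Assumed format: Common Log Format, authenticated user in the third field.
LINE_RE = re.compile(r'^\S+ \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
                     r'"\S+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

# Constructed sample lines (documentation IP ranges, made-up users).
SAMPLE_LOG = [
    f'198.51.100.7 - alice [25/Feb/2025:10:00:{i:02d} +0000] '
    f'"GET /AGE0000700/GetImageMedico?fooId={i} HTTP/1.1" 200 5120'
    for i in range(1, 9)
] + [
    '203.0.113.9 - bob [25/Feb/2025:10:00:05 +0000] "GET /AGE0000700/GetImageMedico?fooId=3 HTTP/1.1" 200 5120',
    '203.0.113.9 - bob [25/Feb/2025:10:00:40 +0000] "GET /AGE0000700/GetImageMedico?fooId=3 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [25/Feb/2025:10:00:41 +0000] "GET /index HTTP/1.1" 200 812',
]

def parse(line):
    """Return (user, timestamp, fooId) for a successful authenticated hit, else None."""
    m = LINE_RE.match(line)
    if not m or m["status"] != "200" or m["user"] == "-":
        return None
    url = urlsplit(m["target"])
    query = {k.lower(): v for k, v in parse_qs(url.query).items()}
    if url.path.lower() != ENDPOINT.lower() or "fooid" not in query:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["user"], ts, query["fooid"][0]

def flag_enumeration(lines, max_distinct=5, window=timedelta(minutes=1)):
    """Map user -> peak count of distinct fooId values seen inside one window."""
    hits = defaultdict(list)
    for rec in filter(None, map(parse, lines)):
        hits[rec[0]].append(rec[1:])
    flagged = {}
    for user, events in hits.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            distinct = {fid for _, fid in events[start:end + 1]}
            if len(distinct) > max_distinct:
                flagged[user] = max(flagged.get(user, 0), len(distinct))
    return flagged
```

Calling flag_enumeration(SAMPLE_LOG) flags only the account that walked through eight identifiers; tune max_distinct and window to the normal usage pattern of the application.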