CVE-2025-41077
HIGH
8.1
Our Analysis: General-Purpose
Our model has classified this vulnerability as relevant to General-Purpose Systems, helping your team prioritize efforts effectively.
Published Date
January 12, 2026
Last Modified
January 29, 2026
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Description
IDOR vulnerability has been found in Viafirma Inbox v4.5.13 that allows any authenticated user without privileges in the application to list all users, access and modify their data. This allows the user's email addresses to be modified and, subsequently, using the password recovery functionality to access the application by impersonating any user, including those with administrative permissions.