CVE-2025-4762: Insecure Direct Object Reference (IDOR) vulnerability in eSignaViewer

2.0 CVSS

Description

An Insecure Direct Object Reference (IDOR) vulnerability in the eSignaViewer component of eSigna product versions 1.0 to 1.5, on all platforms, allows an unauthenticated attacker to access arbitrary files in the document system via manipulation of file paths and object identifiers.

Classification

CVE ID: CVE-2025-4762

CVSS Base Severity: LOW

CVSS Base Score: 2.0

CVSS Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N

Problem Types

CWE-20: Improper Input Validation

Affected Products

Vendor: Lleidanet PKI

Product: eSigna

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.12% (probability of being exploited)

EPSS Percentile: 31.27% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-06-06 (date this score was calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-4762
https://edgewatch.com/vulnerability-advisories/path-traversal-and-idor-vulnerabilities-in-esignaviewer-allow-unauthorized-file-access/

Timeline