Insecure Direct Object Reference (IDOR) vulnerability in the eSignaViewer component in eSigna product versions 1.0 to 1.5 on all platforms allow an unauthenticated attacker to access arbitrary files in the document system via manipulation of file paths and object identifiers.
CVE ID: CVE-2025-4762
CVSS Base Severity: LOW
CVSS Base Score: 2.0
CVSS Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
Vendor: Lleidanet PKI
Product: eSigna
EPSS Score: 0.12% (probability of being exploited)
EPSS Percentile: 31.27% (scored less or equal to compared to others)
EPSS Date: 2025-06-06 (when was this score calculated)