{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-1270", "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516", "state": "PUBLISHED", "assignerShortName": "INCIBE", "dateReserved": "2025-02-13T09:18:44.181Z", "datePublished": "2025-02-13T12:48:15.216Z", "dateUpdated": "2025-02-13T14:22:21.210Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "H6Web", "vendor": "Anapi Group", "versions": [{"status": "affected", "version": "all versions", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Bertrand Lorente Y\u00e1\u00f1ez"}], "datePublic": "2025-02-13T11:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Insecure direct object reference (IDOR) vulnerability in Anapi Group's h6web, allows an authenticated attacker to access other users' information by making a POST request and modifying the \u201cpkrelated\u201d parameter in the \u201c/h6web/ha_datos_hermano.php\u201d endpoint to refer to another user. In addition, the first request could also allow the attacker to impersonate other users. As a result, all requests made after exploitation of the IDOR vulnerability will be executed with the privileges of the impersonated user."}], "value": "Insecure direct object reference (IDOR) vulnerability in Anapi Group's h6web, allows an authenticated attacker to access other users' information by making a POST request and modifying the \u201cpkrelated\u201d parameter in the \u201c/h6web/ha_datos_hermano.php\u201d endpoint to refer to another user. In addition, the first request could also allow the attacker to impersonate other users. As a result, all requests made after exploitation of the IDOR vulnerability will be executed with the privileges of the impersonated user."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-639", "description": "CWE-639 Authorization Bypass Through User-Controlled Key", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516", "shortName": "INCIBE", "dateUpdated": "2025-02-13T12:48:15.216Z"}, "references": [{"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-anapi-group-h6web"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The Anapi Group team has taken the following actions: the Insecure Direct Object Reference vulnerability has been completely disabled; the Cross-Site Scripting (XSS) vulnerability has been fixed in the latest version."}], "value": "The Anapi Group team has taken the following actions: the Insecure Direct Object Reference vulnerability has been completely disabled; the Cross-Site Scripting (XSS) vulnerability has been fixed in the latest version."}], "source": {"discovery": "EXTERNAL"}, "title": "Insecure direct object reference (IDOR) vulnerability in H6Web", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-02-13T14:21:32.933790Z", "id": "CVE-2025-1270", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-13T14:22:21.210Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-1270", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-02-13T14:21:32.933790Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-13T14:22:13.540Z"}}], "cna": {"title": "Insecure direct object reference (IDOR) vulnerability in H6Web", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Bertrand Lorente Y\u00e1\u00f1ez"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Anapi Group", "product": "H6Web", "versions": [{"status": "affected", "version": "all versions", "versionType": "custom"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "The Anapi Group team has taken the following actions: the Insecure Direct Object Reference vulnerability has been completely disabled; the Cross-Site Scripting (XSS) vulnerability has been fixed in the latest version.", "supportingMedia": [{"type": "text/html", "value": "The Anapi Group team has taken the following actions: the Insecure Direct Object Reference vulnerability has been completely disabled; the Cross-Site Scripting (XSS) vulnerability has been fixed in the latest version.", "base64": false}]}], "datePublic": "2025-02-13T11:00:00.000Z", "references": [{"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-anapi-group-h6web"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Insecure direct object reference (IDOR) vulnerability in Anapi Group's h6web, allows an authenticated attacker to access other users' information by making a POST request and modifying the \u201cpkrelated\u201d parameter in the \u201c/h6web/ha_datos_hermano.php\u201d endpoint to refer to another user. In addition, the first request could also allow the attacker to impersonate other users. As a result, all requests made after exploitation of the IDOR vulnerability will be executed with the privileges of the impersonated user.", "supportingMedia": [{"type": "text/html", "value": "Insecure direct object reference (IDOR) vulnerability in Anapi Group's h6web, allows an authenticated attacker to access other users' information by making a POST request and modifying the \u201cpkrelated\u201d parameter in the \u201c/h6web/ha_datos_hermano.php\u201d endpoint to refer to another user. In addition, the first request could also allow the attacker to impersonate other users. As a result, all requests made after exploitation of the IDOR vulnerability will be executed with the privileges of the impersonated user.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-639", "description": "CWE-639 Authorization Bypass Through User-Controlled Key"}]}], "providerMetadata": {"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516", "shortName": "INCIBE", "dateUpdated": "2025-02-13T12:48:15.216Z"}}}, "cveMetadata": {"cveId": "CVE-2025-1270", "state": "PUBLISHED", "dateUpdated": "2025-02-13T14:22:21.210Z", "dateReserved": "2025-02-13T09:18:44.181Z", "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516", "datePublished": "2025-02-13T12:48:15.216Z", "assignerShortName": "INCIBE"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:anapi:h6web:-:*:*:*:*:*:*:*", "matchCriteriaId": "50A1F49F-CA64-4AA2-BC41-C7F097F37BA2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Insecure direct object reference (IDOR) vulnerability in Anapi Group's h6web, allows an authenticated attacker to access other users' information by making a POST request and modifying the \u201cpkrelated\u201d parameter in the \u201c/h6web/ha_datos_hermano.php\u201d endpoint to refer to another user. In addition, the first request could also allow the attacker to impersonate other users. As a result, all requests made after exploitation of the IDOR vulnerability will be executed with the privileges of the impersonated user."}, {"lang": "es", "value": "La vulnerabilidad de referencia directa a objetos insegura (IDOR) en h6web de Anapi Group permite a un atacante autenticado acceder a la informaci\u00f3n de otros usuarios mediante una solicitud POST y modificando el par\u00e1metro \u201cpkrelated\u201d en el endpoint \u201c/h6web/ha_datos_hermano.php\u201d para hacer referencia a otro usuario. Adem\u00e1s, la primera solicitud tambi\u00e9n podr\u00eda permitir al atacante hacerse pasar por otros usuarios. Como resultado, todas las solicitudes realizadas despu\u00e9s de la explotaci\u00f3n de la vulnerabilidad IDOR se ejecutar\u00e1n con los privilegios del usuario suplantado."}], "id": "CVE-2025-1270", "lastModified": "2026-01-29T19:27:51.417", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 5.3, "source": "cve-coordination@incibe.es", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-02-13T13:15:09.273", "references": [{"source": "cve-coordination@incibe.es", "tags": ["Third Party Advisory"], "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-anapi-group-h6web"}], "sourceIdentifier": "cve-coordination@incibe.es", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-639"}], "source": "cve-coordination@incibe.es", "type": "Secondary"}]}

{}

{}