CVE-2025-11843

31.10.2025, 10:15

Therefore Corporation GmbH has recently become aware that Therefore Online and Therefore On-Premises contain an account impersonation vulnerability. A malicious user may potentially be able to impersonate the web service account or the account of a service using the API when connecting to the Therefore Server. If the malicious user gains this impersonation user access, then it is possible for them to access the documents stored in Therefore. This impersonation is at application level (Therefore access level), not the operating system level.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	UNKNOWN				---
Canon_EMEA	CNA	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Common Weakness Enumeration

CWE-290 - Authentication Bypass by Spoofing
This attack-focused weakness is caused by improperly implemented authentication schemes that are subject to spoofing attacks.

References

https://www.canon-europe.com/psirt/advisory-information/