CVE-2025-2306

An Improper Access Control vulnerability was
identified in the file download functionality. This vulnerability allows users
to download sensitive documents without authentication, if the URL is known.



The attack
requires the attacker to know the documents UUIDv4.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.9 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
cirosecCNA
5.9 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA-ADPADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 15%
Common Weakness Enumeration
References
https://www.cirosec.de/sa/sa-2025-004