CVE-2025-10947
📋 TL;DR
This vulnerability allows remote attackers to bypass authorization in Sistemas Pleno Gestão de Locação by manipulating the 'pes_cpf' argument in the CPF Handler component. It affects users of this software up to version 2025.7.x, potentially enabling unauthorized access to sensitive functions or data.
💻 Affected Systems
- Sistemas Pleno Gestão de Locação
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers gain full administrative access to the system, leading to data theft, unauthorized modifications, or complete compromise of the application.
Likely Case
Unauthorized users bypass authentication to access restricted areas or perform actions they shouldn't, such as viewing or editing personal or financial data.
If Mitigated
With proper network segmentation and access controls, impact is limited to the application layer, preventing lateral movement or broader system compromise.
🎯 Exploit Status
Exploit details are published on GitHub, indicating it may be used in attacks; exploitation requires manipulation of the 'pes_cpf' parameter but does not necessarily need authentication.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2025.8.0
Vendor Advisory: None provided; check the vendor's own channels or the vuldb.com references below for updates.
Restart Required: No
Instructions:
1. Back up the current installation.
2. Download and install version 2025.8.0 from the official vendor.
3. Verify the update by checking the version in the application interface.
🔧 Temporary Workarounds
Block Access to Vulnerable Endpoint
Linux: Restrict access to the /api/areacliente/pessoa/validarCpf endpoint using a web application firewall (WAF) or network controls to prevent exploitation.
# Note: the string match only sees plaintext HTTP. The port-443 rule has no effect on TLS-encrypted
# requests unless TLS is terminated before this host; matching on the decrypted request at the WAF
# or reverse proxy is the reliable control.
iptables -A INPUT -p tcp --dport 80 -m string --string '/api/areacliente/pessoa/validarCpf' --algo bm -j DROP
iptables -A INPUT -p tcp --dport 443 -m string --string '/api/areacliente/pessoa/validarCpf' --algo bm -j DROP
🧯 If You Can't Patch
- Implement strict network segmentation to isolate the application from untrusted networks.
- Monitor and audit access logs for suspicious activity targeting the vulnerable endpoint.
🔍 How to Verify
Check if Vulnerable:
Check the application version via the admin interface or configuration files; if it is 2025.7.x or earlier, it is vulnerable.
Check Version:
grep -i version /path/to/application/config/files
Alternatively, check the web interface for version information.
Verify Fix Applied:
After upgrading, confirm the version is 2025.8.0 or later and test the /api/areacliente/pessoa/validarCpf endpoint to ensure authorization bypass is no longer possible.
📡 Detection & Monitoring
Log Indicators:
- Unusual POST or GET requests to /api/areacliente/pessoa/validarCpf with manipulated 'pes_cpf' parameters
- Failed authorization attempts followed by successful access from unexpected IPs.
Network Indicators:
- Traffic spikes to the vulnerable endpoint, especially from known malicious IPs or unusual geolocations.
SIEM Query (replace normal_user_agent with the user agent of your legitimate client and adjust field names to your log schema):
source="web_logs" AND url="/api/areacliente/pessoa/validarCpf" AND (status=200 OR status=302) AND NOT user_agent="normal_user_agent"
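As an added example, not taken from the advisory, the vendor or the exploit repository, the log indicators above turned into a check over access-log lines: it keeps only requests to the validarCpf endpoint, flags pes_cpf values that are not structurally valid CPFs (length, repeated-digit and mod-11 check-digit rules), and lists sources hitting the endpoint repeatedly. The combined log layout, the sample lines, the burst threshold and the idea that a manipulated pes_cpf will usually fail CPF validation are assumptions.

```python
import re
from collections import Counter
from urllib.parse import urlparse, parse_qs

ENDPOINT = "/api/areacliente/pessoa/validarCpf"   # endpoint and parameter named in the advisory
PARAM = "pes_cpf"

# Apache/nginx "combined" access-log layout (assumed; adjust to your server).
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<url>\S+) [^"]*" '
                    r'(?P<status>\d{3}) \S+ "[^"]*" "[^"]*"$')

def cpf_is_well_formed(value: str) -> bool:
    """True for an 11-digit CPF (dots/dash optional) whose two mod-11 check digits verify."""
    if not re.fullmatch(r"\d{3}\.?\d{3}\.?\d{3}-?\d{2}", value):
        return False
    d = [int(c) for c in value if c.isdigit()]
    if len(set(d)) == 1:          # 000.000.000-00, 111.111.111-11, ... are never issued
        return False
    for n in (9, 10):             # first check digit covers 9 digits, second covers 10
        s = sum(x * w for x, w in zip(d[:n], range(n + 1, 1, -1)))
        if d[n] != (s * 10 % 11) % 10:   # a remainder of 10 maps to digit 0
            return False
    return True

def analyze(lines, burst_threshold=5):
    """Flag endpoint hits whose pes_cpf is not a plausible CPF, and sources hitting the endpoint repeatedly (query string only; POST bodies are not in access logs)."""
    malformed, hits = [], Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        u = urlparse(m["url"])
        if u.path != ENDPOINT:
            continue
        hits[m["ip"]] += 1
        cpf = parse_qs(u.query).get(PARAM, [""])[0]
        if not cpf_is_well_formed(cpf):
            malformed.append((m["ip"], m["status"], cpf))
    bursty = sorted(ip for ip, n in hits.items() if n >= burst_threshold)
    return {"malformed": malformed, "bursty": bursty}

# Constructed sample lines (not real traffic): one legitimate client and one noisy source.
SAMPLE_LOG = [
    '198.51.100.4 - - [10/Oct/2025:12:00:01 +0000] "GET /api/areacliente/pessoa/validarCpf?pes_cpf=111.444.777-35 HTTP/1.1" 200 87 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Oct/2025:12:00:02 +0000] "GET /api/areacliente/pessoa/validarCpf?pes_cpf=000 HTTP/1.1" 200 87 "-" "curl/8.0"',
    '203.0.113.7 - - [10/Oct/2025:12:00:02 +0000] "GET /api/areacliente/pessoa/validarCpf?pes_cpf=11111111111 HTTP/1.1" 200 87 "-" "curl/8.0"',
    '203.0.113.7 - - [10/Oct/2025:12:00:03 +0000] "GET /api/areacliente/pessoa/validarCpf?pes_cpf=11144477700 HTTP/1.1" 200 87 "-" "curl/8.0"',
    '203.0.113.7 - - [10/Oct/2025:12:00:03 +0000] "GET /api/areacliente/pessoa/validarCpf?pes_cpf= HTTP/1.1" 200 87 "-" "curl/8.0"',
    '203.0.113.7 - - [10/Oct/2025:12:00:04 +0000] "GET /api/areacliente/pessoa/validarCpf?pes_cpf=111.444.777-35 HTTP/1.1" 200 87 "-" "curl/8.0"',
]
```

Running analyze(SAMPLE_LOG) reports the four malformed requests from 203.0.113.7 and lists that address as a burst source; a status of 200 on a malformed value is the combination worth escalating.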
🔗 References
- https://github.com/lfparizzi/CVE-Sistemas_Pleno/tree/main
- https://github.com/lfparizzi/CVE-Sistemas_Pleno/tree/main?tab=readme-ov-file#-proofs
- https://vuldb.com/?ctiid.325817
- https://vuldb.com/?id.325817
- https://vuldb.com/?submit.652282