CVE-2025-2125

4.3 MEDIUM

📋 TL;DR

This vulnerability in Control iD RH iD allows attackers to manipulate resource identifiers (the nsr parameter) handled by the PDF Document Handler component, potentially enabling unauthorized access to sensitive documents. It affects version 25.2.25.0 and can be exploited remotely without authentication.

💻 Affected Systems

Products:
  • Control iD RH iD
Versions: 25.2.25.0
Operating Systems: Unknown - likely Windows-based given the .svc extension
Default Config Vulnerable: ⚠️ Yes
Notes: Specifically affects the PDF Document Handler component at /v2/report.svc/comprovante_marcacao/?companyId=1 endpoint

⚠️ Risk & Real-World Impact

🔴 Worst Case: Unauthorized access to sensitive employee timekeeping records and personal data through manipulated PDF document requests

🟠 Likely Case: Information disclosure of internal company documents and employee records

🟢 If Mitigated: Limited impact with proper network segmentation and access controls in place

🌐 Internet-Facing: HIGH - Attack can be initiated remotely without authentication
🏢 Internal Only: MEDIUM - Requires knowledge of internal systems but exploitation is straightforward

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

A proof of concept is available in a GitHub repository; manipulation of the nsr parameter is straightforward.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available - vendor did not respond to disclosure

Restart Required: No

Instructions:

No official patch available. Monitor vendor website for updates and consider alternative solutions if vendor remains unresponsive.

🔧 Temporary Workarounds

Block vulnerable endpoint (Platform: all)

Restrict access to the vulnerable /v2/report.svc/comprovante_marcacao/ endpoint. Denying all access also blocks legitimate users; if the endpoint must stay reachable, limit the allow list to trusted internal address ranges instead of denying everything.

  # Apache 2.4 (httpd.conf or the site's vhost config)
  <Location "/v2/report.svc/comprovante_marcacao/">
      Require all denied
  </Location>
  # Apache 2.2 equivalent inside the same <Location> block:
  #   Order deny,allow
  #   Deny from all
  # IIS: use Request Filtering to block the specific path

Input validation for nsr parameter (Platform: all)

Implement strict validation on the nsr parameter to prevent manipulation. Checking the format is only the first step: the handler must also confirm that the requested document belongs to the authenticated user's company, otherwise well-formed identifiers for other records are still served.

  // Server-side validation (pseudocode)
  if (!isValidResourceIdentifier(nsr)) {
      return HTTP 400 Bad Request;
  }

🧯 If You Can't Patch

  • Implement network segmentation to isolate the Control iD RH iD system from untrusted networks
  • Deploy a web application firewall (WAF) with rules to detect and block manipulation of the nsr parameter

🔍 How to Verify

Check if Vulnerable:

Test if the endpoint /v2/report.svc/comprovante_marcacao/?companyId=1 accepts manipulated nsr parameters that bypass intended restrictions

Check Version:

Check Control iD RH iD version in application interface or configuration files

Verify Fix Applied:

Verify that manipulated nsr parameters no longer allow unauthorized access to documents

📡 Detection & Monitoring

Log Indicators:

  • Unusual access patterns to /v2/report.svc/comprovante_marcacao/ endpoint
  • Multiple failed attempts with manipulated nsr parameters
  • Access to documents outside normal business hours

Network Indicators:

  • HTTP requests with unusual nsr parameter values
  • High volume of requests to the PDF document endpoint

SIEM Query (the bracketed terms are placeholders for the nsr patterns you decide to alert on):

source="web_server" AND (uri="/v2/report.svc/comprovante_marcacao/" AND (nsr="*[special_chars]*" OR nsr="*[unusual_pattern]*"))
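As an added example (not code from the advisory or the vendor), the three log indicators and the SIEM query above expressed as checks over constructed access-log lines: a non-numeric nsr, requests outside business hours, and one client walking through many distinct nsr values. The numeric shape of a valid nsr, the 07:00-19:59 business window, the enumeration threshold and the sample addresses are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import urlsplit, parse_qs

ENDPOINT = "/v2/report.svc/comprovante_marcacao/"
NSR_OK = re.compile(r"^\d{1,12}$")  # assumption: a well-formed nsr is a short decimal number
BUSINESS_HOURS = range(7, 20)       # assumption: 07:00-19:59 local time is normal use
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+) [^"]*" \d{3} \S+')

# Constructed sample access log (Common Log Format); not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [10/Mar/2025:09:14:02 -0300] "GET /v2/report.svc/comprovante_marcacao/?companyId=1&nsr=1042 HTTP/1.1" 200 51234
10.0.0.5 - - [10/Mar/2025:09:14:09 -0300] "GET /v2/report.svc/comprovante_marcacao/?companyId=1&nsr=1043 HTTP/1.1" 200 50981
203.0.113.7 - - [10/Mar/2025:03:02:11 -0300] "GET /v2/report.svc/comprovante_marcacao/?companyId=1&nsr=x7f HTTP/1.1" 400 212
203.0.113.7 - - [10/Mar/2025:03:02:12 -0300] "GET /v2/report.svc/comprovante_marcacao/?companyId=1&nsr=1 HTTP/1.1" 200 49870
203.0.113.7 - - [10/Mar/2025:03:02:13 -0300] "GET /v2/report.svc/comprovante_marcacao/?companyId=1&nsr=2 HTTP/1.1" 200 49911
203.0.113.7 - - [10/Mar/2025:03:02:14 -0300] "GET /v2/report.svc/comprovante_marcacao/?companyId=1&nsr=3 HTTP/1.1" 200 50002
10.0.0.9 - - [10/Mar/2025:11:40:31 -0300] "GET /v2/static/logo.png HTTP/1.1" 200 8841
"""

def parse_line(line):
    """Return (ip, timestamp, path, query dict) for one CLF line, or None if it does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, ts, target = m.groups()
    when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
    parts = urlsplit(target)
    return ip, when, parts.path, parse_qs(parts.query, keep_blank_values=True)

def analyze(log_text, enum_threshold=4):
    """Return (ip, reason) findings for report-endpoint requests: 'malformed_nsr' when nsr is missing
    or not numeric, 'off_hours' outside business hours, 'enumeration' once per client at the threshold."""
    findings, distinct_nsr = [], defaultdict(set)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None or parsed[2] != ENDPOINT:
            continue  # unparseable line or a different endpoint: not in scope
        ip, when, _path, qs = parsed
        nsr = qs.get("nsr", [""])[0]
        if not NSR_OK.match(nsr):
            findings.append((ip, "malformed_nsr"))
        if when.hour not in BUSINESS_HOURS:
            findings.append((ip, "off_hours"))
        distinct_nsr[ip].add(nsr)
        if len(distinct_nsr[ip]) == enum_threshold:  # fire once when the client crosses the threshold
            findings.append((ip, "enumeration"))
    return findings
```

Run analyze(SAMPLE_LOG) to see the findings; only the 203.0.113.7 client trips the checks in the constructed log.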
