CVE-2025-41077
📋 TL;DR
An Insecure Direct Object Reference (IDOR) vulnerability in Viafirma Inbox v4.5.13 allows authenticated users without privileges to list all users, access and modify their data, including email addresses. This enables attackers to impersonate any user via password recovery functionality, potentially gaining administrative access. All organizations using the vulnerable version are affected.
💻 Affected Systems
- Viafirma Inbox
📦 What is this software?
Inbox by Viafirma
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of all user accounts, including administrative accounts, leading to full system takeover, data theft, and unauthorized administrative actions.
Likely Case
Attackers modify email addresses of regular users to hijack accounts via password reset, then escalate to administrative accounts to gain full application control.
If Mitigated
With compensating access controls and monitoring in place, impact is limited to unauthorized viewing of user data, and suspicious email changes followed by password resets are detected quickly.
🎯 Exploit Status
Exploitation requires authenticated access but no special privileges. Simple HTTP requests can trigger the vulnerability.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: A release later than v4.5.13 (the referenced advisory does not name the fixed version)
Vendor Advisory: https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-viafirma-products
Restart Required: Yes
Instructions:
1. Contact Viafirma for the updated version.
2. Back up the current installation.
3. Apply the vendor-provided patch/upgrade.
4. Restart application services.
5. Verify the fix (see How to Verify below).
🔧 Temporary Workarounds
Temporary Access Control
Implement strict access controls at the web application firewall or reverse proxy level to restrict the user listing and modification endpoints. Note that a proxy cannot see application roles, so this restriction has to be expressed by source network or client certificate, and it may also block legitimate self-service profile edits that use the same routes.
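As an added example (not Viafirma's own configuration), the following nginx fragment restricts a user-management API path to an administrator network. It assumes, without support from the advisory, that the user listing/modification routes live under /api/users on the Inbox backend and that administrators come from 10.0.5.0/24; substitute the real routes and range for your deployment.

```nginx
# Added example, not Viafirma's configuration. The path and the admin
# network are assumptions; adjust to the actual Inbox routes.
location ~ ^/api/users(/|$) {
    allow 10.0.5.0/24;          # administrator workstations (assumption)
    deny  all;                  # everyone else receives 403 at the proxy
    proxy_pass http://viafirma_inbox;
}
```

Because the block matches every method on the path, it also blocks a regular user editing their own profile through that route; if that is needed, scope the restriction to the listing endpoint and to requests for IDs other than the caller's own, which generally requires an application-side fix rather than a proxy rule.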
🧯 If You Can't Patch
- Implement network segmentation to isolate Viafirma Inbox from other critical systems
- Enable detailed logging and monitoring for user listing/modification activities and password reset requests
🔍 How to Verify
Check if Vulnerable:
Check if running Viafirma Inbox v4.5.13 via application admin panel or version files.
Check Version:
Check application configuration files or admin interface for version information.
Verify Fix Applied:
Log in as a non-privileged user and request the user listing and user modification endpoints: the response should be an access-denied error (for example HTTP 403), and no other user's data should be returned or modifiable.
📡 Detection & Monitoring
Log Indicators:
- Multiple GET/POST requests to user listing endpoints from non-admin accounts
- Unusual email modification events followed by password reset requests
- User enumeration patterns in access logs
Network Indicators:
- HTTP requests to /api/users or similar endpoints from non-privileged accounts
- Pattern of sequential user ID requests
SIEM Query:
source="viafirma_logs" AND (uri_path="/api/users" OR uri_path="/api/user/*/modify") AND user_role!="admin"
(The field names and paths above are placeholders; map them to the actual Viafirma Inbox log schema and routes before deploying the query.)
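The three log indicators above (non-admin hits on the user API, sequential user-ID enumeration, and an email change followed by a password reset) can be checked with a small script. The block below is an added example, not part of the advisory or of Viafirma's software; it runs over constructed JSON log lines, and the field names (ts, user, role, method, path, action, target) and the /api/users paths are assumptions that you would map to the real Inbox log format.

```python
"""Added example (not from the advisory or from Viafirma): detection logic for the
CVE-2025-41077 log indicators, run over constructed sample log lines.

Assumptions (not from the page): log lines are newline-delimited JSON with fields
ts, user, role, method, path, action and, for reset requests, target; the
/api/users and /api/users/<id> paths are placeholders for the real Inbox routes.
"""
import json
import re
from collections import defaultdict
from datetime import datetime, timedelta

USER_ID_RE = re.compile(r"^/api/users/(\d+)$")

# Constructed sample log (not real Viafirma logs): alice lists users, walks four
# consecutive IDs, changes the email of user 104, and a reset is requested for 104.
SAMPLE_LOG = """
{"ts":"2025-06-01T10:00:00","user":"alice","role":"user","method":"GET","path":"/api/users","action":"list"}
{"ts":"2025-06-01T10:00:01","user":"alice","role":"user","method":"GET","path":"/api/users/101","action":"read"}
{"ts":"2025-06-01T10:00:02","user":"alice","role":"user","method":"GET","path":"/api/users/102","action":"read"}
{"ts":"2025-06-01T10:00:03","user":"alice","role":"user","method":"GET","path":"/api/users/103","action":"read"}
{"ts":"2025-06-01T10:00:04","user":"alice","role":"user","method":"GET","path":"/api/users/104","action":"read"}
{"ts":"2025-06-01T10:00:10","user":"alice","role":"user","method":"PUT","path":"/api/users/104","action":"email_change"}
{"ts":"2025-06-01T10:00:40","user":"-","role":"-","method":"POST","path":"/password/reset","action":"password_reset_request","target":"104"}
{"ts":"2025-06-01T11:00:00","user":"admin","role":"admin","method":"GET","path":"/api/users","action":"list"}
{"ts":"2025-06-01T11:05:00","user":"bob","role":"user","method":"GET","path":"/api/users/7","action":"read"}
"""


def parse_log(text):
    """Parse newline-delimited JSON log lines into event dicts with datetime timestamps."""
    events = []
    for line in text.strip().splitlines():
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        ev["ts"] = datetime.fromisoformat(ev["ts"])
        events.append(ev)
    return events


def non_admin_user_api_access(events, prefix="/api/users"):
    """Indicator 1: any request to the user listing/modification routes from a
    non-admin account. Unauthenticated events (role '-') are skipped because the
    vulnerable endpoints require an authenticated session."""
    return [
        (ev["user"], ev["method"], ev["path"])
        for ev in events
        if ev["path"].startswith(prefix) and ev["role"] not in ("admin", "-")
    ]


def sequential_id_enumeration(events, min_run=4):
    """Indicator 2: one non-admin account reading consecutive user IDs.
    Returns {user: longest run of consecutive IDs} for runs of at least min_run."""
    ids_by_user = defaultdict(list)
    for ev in events:
        m = USER_ID_RE.match(ev["path"])
        if m and ev["method"] == "GET" and ev["role"] not in ("admin", "-"):
            ids_by_user[ev["user"]].append(int(m.group(1)))
    flagged = {}
    for user, ids in ids_by_user.items():
        longest = run = 1
        for prev, cur in zip(ids, ids[1:]):
            run = run + 1 if cur == prev + 1 else 1
            longest = max(longest, run)
        if longest >= min_run:
            flagged[user] = longest
    return flagged


def email_change_then_reset(events, window=timedelta(minutes=60)):
    """Indicator 3: an email change on account X by actor A, followed within
    `window` by a password reset request targeting X. Returns [(actor, target_id)]."""
    hits = []
    changes = [ev for ev in events if ev["action"] == "email_change"]
    resets = [ev for ev in events if ev["action"] == "password_reset_request"]
    for ch in changes:
        m = USER_ID_RE.match(ch["path"])
        if not m:
            continue
        target = m.group(1)
        for rs in resets:
            if rs.get("target") == target and ch["ts"] <= rs["ts"] <= ch["ts"] + window:
                hits.append((ch["user"], target))
                break
    return hits


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print("non-admin user-API hits:", non_admin_user_api_access(evs))
    print("sequential enumeration:", sequential_id_enumeration(evs))
    print("email change -> reset:", email_change_then_reset(evs))
```

On the sample data the script flags alice (and bob, for a single read) on the first indicator, alice alone for enumeration, and the alice-to-104 email change followed by a reset request; the third indicator is the one that most directly matches the account-takeover path described in the Likely Case, so it deserves the highest alert priority.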