CVE-2025-41093

4.3 MEDIUM

📋 TL;DR

An Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner allows authenticated users to retrieve basic contract details by supplying internal identifiers of contracts they are not authorized to view. This affects BOLD Workplanner versions prior to 2.5.25 (4935b438f9b). The root cause is insufficient validation of the user-supplied identifier: the server accepts any identifier that resolves to a contract without checking that the requesting user is entitled to that contract.

💻 Affected Systems

Products:
  • BOLD Workplanner
Versions: All versions prior to 2.5.25 (4935b438f9b)
Operating Systems: Not OS-specific
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated access to exploit

⚠️ Risk & Real-World Impact

🔴 Worst Case

Unauthorized access to sensitive contract data, potentially leading to data breach, privacy violations, or competitive intelligence gathering.

🟠 Likely Case

Authenticated users accessing contract details they shouldn't have permission to view, violating data segregation requirements.

🟢 If Mitigated

Limited impact with proper access controls and monitoring, though still a compliance violation.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires authenticated access and knowledge, or guessing, of the internal contract identifiers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.5.25 (4935b438f9b) or later

Vendor Advisory: https://www.incibe.es/en/incibe-cert/notices/aviso/insecure-direct-object-reference-gps-bold-workplanner

Restart Required: No

Instructions:

1. Backup current installation
2. Download version 2.5.25 or later from official vendor
3. Follow vendor upgrade instructions
4. Verify successful update

🔧 Temporary Workarounds

Implement additional access controls
Applies to: all versions

Add server-side authorization checks for all contract detail requests: the server must confirm that the authenticated user is entitled to the referenced contract, not merely that the identifier exists.

Input validation enhancement
Applies to: all versions

Implement strict validation of all user-supplied identifiers. Note that format validation alone does not stop an IDOR, because a well-formed identifier can still belong to another user's contract; it complements the authorization check, it does not replace it.
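A minimal illustration of the flaw and of the server-side fix the two workarounds describe, as an added example that is not BOLD Workplanner's code: the data model, the organisation-based ownership rule, the user and contract records and every function name are assumptions. The vulnerable lookup trusts the identifier alone; the hardened one validates the identifier's form and then checks the contract's ownership against the authenticated user on every request.

```python
"""IDOR on a contract-detail lookup, vulnerable and hardened.

Hypothetical code, not BOLD Workplanner's: an in-memory contract store and
two users from different organisations are constructed here for illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    user_id: int
    org_id: int


@dataclass(frozen=True)
class Contract:
    contract_id: int
    org_id: int
    title: str


class NotFound(Exception):
    """Raised for a missing OR unauthorised contract (same response for both)."""


# Constructed sample data: one contract per organisation.
CONTRACTS = {
    1001: Contract(1001, org_id=1, title="Org 1 staffing contract"),
    1002: Contract(1002, org_id=2, title="Org 2 staffing contract"),
}
ALICE = User(user_id=10, org_id=1)   # belongs to org 1
BOB = User(user_id=20, org_id=2)     # belongs to org 2


def get_contract_vulnerable(user: User, raw_id: str) -> Contract:
    """IDOR: the caller is authenticated, but the identifier alone selects the record."""
    cid = int(raw_id)               # "validation" only checks that it parses
    if cid not in CONTRACTS:
        raise NotFound
    return CONTRACTS[cid]           # no check that `user` may see this contract


def parse_contract_id(raw_id: str) -> int:
    """Strict identifier validation: ASCII decimal, no leading zero, bounded length.

    This is the input-validation half of the workaround; on its own it does
    not stop IDOR, because a well-formed identifier can still belong to
    someone else's contract.
    """
    if not (raw_id.isascii() and raw_id.isdigit()) or raw_id.startswith("0") or len(raw_id) > 12:
        raise NotFound
    return int(raw_id)


def get_contract_hardened(user: User, raw_id: str) -> Contract:
    """Same lookup with the authorization decision made server-side, per object.

    Ownership is checked against the authenticated session, never against
    anything the client sent, and an unauthorised id is answered exactly like
    a missing one so the response does not reveal which identifiers exist.
    """
    cid = parse_contract_id(raw_id)
    contract = CONTRACTS.get(cid)
    if contract is None or contract.org_id != user.org_id:
        raise NotFound
    return contract


def can_read(user: User, raw_id: str) -> bool:
    """True only when the hardened lookup succeeds for this user and identifier."""
    try:
        get_contract_hardened(user, raw_id)
        return True
    except NotFound:
        return False
```

The ownership test belongs in the data-access layer (for a database-backed store, scoping the query by the session's organisation rather than filtering afterwards), so that every endpoint that resolves a contract identifier inherits it; patching individual handlers one by one is how an IDOR survives in the endpoint nobody remembered.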

🧯 If You Can't Patch

  • Implement network segmentation to restrict access to vulnerable systems
  • Enable detailed logging and monitoring for unauthorized access attempts

🔍 How to Verify

Check if Vulnerable:

Check if BOLD Workplanner version is earlier than 2.5.25 (4935b438f9b)

Check Version:

Check application version in admin interface or configuration files

Verify Fix Applied:

Confirm the version is 2.5.25 (4935b438f9b) or later, then test the authorization controls directly: as an authenticated user, request the details of a contract that user is not entitled to view and confirm the request is refused.

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed authorization attempts for contract access
  • Access to contract IDs outside user's normal range
  • Unusual pattern of contract detail requests

Network Indicators:

  • Unusual API call patterns to contract endpoints
  • Requests with sequential or predictable identifiers

SIEM Query:

source="bold-workplanner" AND (event="contract_access" OR event="authorization_failure") AND user_id!="authorized_user"

This is a template, not a query against a documented BOLD Workplanner log schema: the source, event and field names must be mapped onto the actual audit log, and the user_id!="authorized_user" clause stands in for an exclusion of the users entitled to the requested contract (as written it excludes only a user literally named authorized_user).
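The log and network indicators above turned into detection logic, as an added example that is not BOLD Workplanner tooling: the log line format, the field names and the thresholds are assumptions to be mapped onto the real audit log, and the sample lines are constructed. It groups contract-detail requests per user and flags users who touch many distinct contracts, walk sequential identifiers, or accumulate authorization failures.

```python
"""Flag IDOR-style contract enumeration in application access logs.

Added example, not BOLD Workplanner tooling. The line format, field names and
thresholds below are assumptions to be mapped onto the real audit log schema.
"""
import re
from collections import defaultdict

# Assumed line shape:
#   <timestamp> user=<id> org=<id> GET /contracts/<contract_id> status=<code>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\d+) org=(?P<org>\d+) "
    r"GET /contracts/(?P<cid>\d+) status=(?P<status>\d{3})$"
)

# Constructed sample: user 10 re-reads one contract; user 20 walks a range.
SAMPLE_LOG = """\
2025-07-01T09:00:01Z user=10 org=1 GET /contracts/1001 status=200
2025-07-01T09:00:09Z user=10 org=1 GET /contracts/1001 status=200
2025-07-01T09:01:00Z user=20 org=2 GET /contracts/2001 status=200
2025-07-01T09:01:02Z user=20 org=2 GET /contracts/2002 status=403
2025-07-01T09:01:03Z user=20 org=2 GET /contracts/2003 status=403
2025-07-01T09:01:04Z user=20 org=2 GET /contracts/2004 status=200
2025-07-01T09:01:05Z user=20 org=2 GET /contracts/2005 status=403
2025-07-01T09:01:06Z user=20 org=2 GET /contracts/2006 status=404
"""


def parse_log(log_text: str) -> list[dict]:
    """Return one dict per contract-detail request; non-matching lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events


def longest_sequential_run(ids: list[int]) -> int:
    """Length of the longest run of consecutive identifiers, in request order."""
    best = run = 1 if ids else 0
    for prev, cur in zip(ids, ids[1:]):
        run = run + 1 if cur == prev + 1 else 1
        best = max(best, run)
    return best


def analyse(log_text: str, distinct_threshold: int = 5,
            run_threshold: int = 3, fail_threshold: int = 3) -> dict[str, dict]:
    """Per-user findings keyed by user id; users with no finding are omitted."""
    per_user = defaultdict(list)
    for ev in parse_log(log_text):
        per_user[ev["user"]].append(ev)

    findings = {}
    for user, evs in per_user.items():
        ids = [int(e["cid"]) for e in evs]
        distinct = len(set(ids))
        max_run = longest_sequential_run(ids)
        failures = sum(1 for e in evs if e["status"] in ("403", "404"))
        reasons = []
        if distinct >= distinct_threshold:
            reasons.append("many_distinct_contracts")
        if max_run >= run_threshold:
            reasons.append("sequential_ids")
        if failures >= fail_threshold:
            reasons.append("repeated_authorization_failures")
        if reasons:
            findings[user] = {"distinct": distinct, "max_run": max_run,
                              "failures": failures, "reasons": reasons}
    return findings


if __name__ == "__main__":
    for user, finding in analyse(SAMPLE_LOG).items():
        print(f"user={user} {finding}")
```

On an unpatched instance the enumeration succeeds, so the failure counter stays at zero and only the distinct-contract and sequential-identifier signals fire; after the patch the same client behaviour shows up as a burst of 403/404 responses, which is also how to confirm the fix from the log side. The thresholds should be set from the application's normal per-user contract volume, which is what "outside user's normal range" above means in practice.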
