CVE-2025-41094
📋 TL;DR
This CVE describes an Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner software that allows authenticated users to access contract details they shouldn't have permission to view. Attackers can manipulate internal identifiers to bypass authorization checks and view sensitive contract information. This affects organizations using BOLD Workplanner versions before 2.5.25.
💻 Affected Systems
- BOLD Workplanner
📦 What is this software?
Bold Workplanner by Boldworkplanner
⚠️ Risk & Real-World Impact
Worst Case
An authenticated malicious insider or compromised account could access all contract details in the system, potentially exposing sensitive business agreements, pricing information, and confidential client data.
Likely Case
Authenticated users can access some contract details they shouldn't have permission to view, leading to unauthorized information disclosure and potential privacy violations.
If Mitigated
With proper access controls and input validation, users can only access contract details they're explicitly authorized to view.
🎯 Exploit Status
Exploitation requires authenticated access and knowledge of internal identifier manipulation.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.5.25 (commit 4935b438f9b) or later
Vendor Advisory: https://www.incibe.es/en/incibe-cert/notices/aviso/insecure-direct-object-reference-gps-bold-workplanner
Restart Required: No
Instructions:
1. Download BOLD Workplanner version 2.5.25 or later from official sources.
2. Back up the current installation and data.
3. Apply the update following vendor instructions.
4. Verify the update was successful.
🔧 Temporary Workarounds
Implement additional authorization checks
Add server-side authorization validation for all contract detail access requests
Implement input validation
Validate and sanitize all internal identifier parameters before processing
🧯 If You Can't Patch
- Implement network segmentation to isolate BOLD Workplanner from sensitive systems
- Enforce strict access controls and monitor for unusual access patterns to contract data
🔍 How to Verify
Check if Vulnerable:
Check if BOLD Workplanner version is earlier than 2.5.25 by examining the application version in admin interface or configuration files
Check Version:
Check application configuration or admin panel for version information
Verify Fix Applied:
Verify the application version is 2.5.25 or later and test that unauthorized contract access attempts are properly blocked
📡 Detection & Monitoring
Log Indicators:
- Multiple failed authorization attempts for contract access
- Unusual pattern of contract detail requests from single user
- Access to contract IDs outside user's normal range
Network Indicators:
- Unusual volume of requests to contract detail endpoints
- Pattern of sequential contract ID requests
SIEM Query:
source="bold_workplanner" AND (event_type="contract_access" AND user_id=* AND contract_id NOT IN authorized_list)
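As an added illustration of the log indicators above (this is example code, not from the page or the vendor), the following Python runs the "repeated authorization failures" and "sequential contract ID requests" checks over constructed sample log lines; the log format, field names, user names and thresholds are all assumptions.

```python
import re
from collections import defaultdict

# Constructed sample log lines (not real BOLD Workplanner output); the field layout is an assumption.
SAMPLE_LOG = """\
2025-06-01T09:00:01Z user=alice contract_id=1041 result=allowed
2025-06-01T09:02:00Z user=mallory contract_id=1040 result=denied
2025-06-01T09:02:01Z user=mallory contract_id=1041 result=denied
2025-06-01T09:02:02Z user=mallory contract_id=1042 result=allowed
2025-06-01T09:02:03Z user=mallory contract_id=1043 result=denied
2025-06-01T09:02:04Z user=mallory contract_id=1044 result=allowed
"""

LINE_RE = re.compile(r"^\S+ user=(?P<user>\S+) contract_id=(?P<cid>\d+) result=(?P<result>\w+)$")

def parse_log(text):
    # Parse the key=value lines into dicts; malformed lines are skipped.
    records = []
    for m in (LINE_RE.match(line) for line in text.splitlines()):
        if m:
            records.append({"user": m["user"], "cid": int(m["cid"]),
                            "result": m["result"]})
    return records

def longest_sequential_run(ids):
    # Length of the longest run of consecutive contract IDs in request order.
    best = run = 1 if ids else 0
    for prev, cur in zip(ids, ids[1:]):
        run = run + 1 if cur == prev + 1 else 1
        best = max(best, run)
    return best

def detect_idor_enumeration(records, max_denied=3, min_seq_run=5):
    # Group requests per user, then test the two indicators from the advisory.
    per_user = defaultdict(list)
    for r in records:
        per_user[r["user"]].append(r)
    alerts = {}
    for user, recs in per_user.items():
        denied = sum(r["result"] == "denied" for r in recs)
        seq = longest_sequential_run([r["cid"] for r in recs])
        reasons = []
        if denied >= max_denied:
            reasons.append(f"{denied} denied contract accesses")
        if seq >= min_seq_run:
            reasons.append(f"sequential run of {seq} contract IDs")
        if reasons:
            alerts[user] = reasons
    return alerts
```

On an unpatched deployment the IDOR requests succeed, so the denied-count check stays quiet; the sequential-ID check is the one that still fires there, which is why both are kept.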