CVE-2025-41095
📋 TL;DR
This CVE describes an Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner software. Authenticated users can access planning counter details using unauthorized internal identifiers due to insufficient input validation. This affects organizations using BOLD Workplanner versions before 2.5.25.
💻 Affected Systems
- BOLD Workplanner
📦 What is this software?
Bold Workplanner by Boldworkplanner
⚠️ Risk & Real-World Impact
Worst Case
An authenticated malicious insider could access sensitive planning data belonging to other users or departments, potentially exposing confidential business operations, employee schedules, or proprietary planning information.
Likely Case
An authenticated user accidentally or intentionally accesses planning counter details they shouldn't have permission to view, leading to information disclosure and potential privacy violations.
If Mitigated
With proper access controls and input validation, users can only access data they're authorized to view, maintaining data confidentiality and integrity.
🎯 Exploit Status
Exploitation requires authenticated access and knowledge of internal identifier patterns. Attackers need to understand the application's object reference structure.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.5.25 (commit 4935b438f9b) or later
Vendor Advisory: https://www.incibe.es/en/incibe-cert/notices/aviso/insecure-direct-object-reference-gps-bold-workplanner
Restart Required: No
Instructions:
1. Backup your current Workplanner installation and data.
2. Download version 2.5.25 or later from the official vendor.
3. Follow the vendor's upgrade instructions.
4. Verify the update was successful by checking the version.
🔧 Temporary Workarounds
Implement additional access controls
Add server-side authorization checks for all object references to ensure users can only access their authorized data.
Input validation enhancement
Implement strict validation of all user-supplied identifiers against authorized user permissions before processing.
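The two workarounds above describe the same control from two angles: validate the identifier, then check on the server that the authenticated user is allowed to see the object it resolves to. The following is an added illustration of that pattern, not BOLD Workplanner code; the planning-counter data model, user-to-department mapping and function names are hypothetical, constructed for this example. The vulnerable handler is shown beside the hardened one so the difference is visible.

```python
# Added example: IDOR-prone lookup beside a hardened lookup with server-side
# authorization. Not BOLD Workplanner code; all names and data are constructed.
from dataclasses import dataclass


@dataclass(frozen=True)
class PlanningCounter:
    counter_id: int
    owner_department: str
    details: str


# Constructed sample records keyed by their internal identifier.
COUNTERS = {
    101: PlanningCounter(101, "logistics", "Q3 shift plan, dock A"),
    102: PlanningCounter(102, "finance", "budget headcount forecast"),
    103: PlanningCounter(103, "logistics", "overtime allocation"),
}

# Constructed mapping of authenticated users to the departments they may view.
USER_DEPARTMENTS = {
    "alice": {"logistics"},
    "bob": {"finance"},
}


class AuthorizationError(Exception):
    pass


def get_counter_vulnerable(user: str, raw_id: str) -> PlanningCounter:
    """IDOR pattern: authentication happened, but the client-supplied id is
    trusted as-is, so any logged-in user can read any counter id they guess."""
    counter_id = int(raw_id)
    if counter_id not in COUNTERS:
        raise KeyError(raw_id)
    return COUNTERS[counter_id]


def parse_counter_id(raw_id: str) -> int:
    """Strict input validation: a plain positive integer and nothing else
    (no whitespace, signs, hex prefixes or embedded characters)."""
    if not raw_id.isdigit():
        raise ValueError(f"invalid counter id: {raw_id!r}")
    counter_id = int(raw_id)
    if counter_id <= 0:
        raise ValueError(f"invalid counter id: {raw_id!r}")
    return counter_id


def get_counter_hardened(user: str, raw_id: str) -> PlanningCounter:
    """Validate the identifier, resolve it on the server, then check that the
    caller is authorized for the object's owning department. A missing object
    and a forbidden object produce the same error so the response does not
    confirm which identifiers exist."""
    counter_id = parse_counter_id(raw_id)
    allowed = USER_DEPARTMENTS.get(user, set())
    counter = COUNTERS.get(counter_id)
    if counter is None or counter.owner_department not in allowed:
        raise AuthorizationError(f"{user} may not access counter {counter_id}")
    return counter


def can_access(user: str, raw_id: str) -> bool:
    """Convenience wrapper: True only if the hardened path grants access."""
    try:
        get_counter_hardened(user, raw_id)
        return True
    except (ValueError, AuthorizationError):
        return False


if __name__ == "__main__":
    # alice belongs to logistics: the vulnerable path still hands her finance data.
    print(get_counter_vulnerable("alice", "102").details)
    print(can_access("alice", "101"), can_access("alice", "102"), can_access("alice", "x"))
```

The important property is that the authorization decision uses the object's server-side attributes (here `owner_department`), not anything the client sent; the validation step only narrows what reaches the lookup and is not a substitute for the ownership check.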
🧯 If You Can't Patch
- Implement network segmentation to isolate the Workplanner system and restrict access to authorized users only.
- Enable detailed logging and monitoring of all access to planning counter endpoints to detect unauthorized access attempts.
🔍 How to Verify
Check if Vulnerable:
Check the Workplanner version in the application interface or configuration files. If the version is below 2.5.25, the system is vulnerable.
Check Version:
Check the application interface, or consult the vendor documentation for the version-checking method.
Verify Fix Applied:
After updating, verify the version shows 2.5.25 or higher. Test that authenticated users can only access their authorized planning counter details.
📡 Detection & Monitoring
Log Indicators:
- Multiple failed authorization attempts for planning counter access
- User accessing planning counter IDs outside their normal range
- Unusual patterns of planning counter queries
Network Indicators:
- Unusual volume of requests to planning counter endpoints
- Requests with sequential or patterned object identifiers
SIEM Query:
source="workplanner_logs" AND (event="unauthorized_access" OR event="access_denied") AND resource="planning_counter"
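The log and network indicators above (repeated denied requests, sequential or patterned identifiers) can be turned into a small offline check that runs over exported access logs. The following is an added example, not a BOLD Workplanner artifact or a supported integration; the log line format, endpoint path and thresholds are hypothetical and constructed for this illustration, and would have to be mapped onto the product's real logs. It generalizes slightly beyond the text by scoring both indicators per user rather than matching a single event type.

```python
# Added example: per-user detection of IDOR-style probing in constructed access logs.
# Not BOLD Workplanner code; the log format and field names are assumptions.
import re
from collections import defaultdict

# Constructed sample log: "<timestamp> <user> <method> <path> <status>".
SAMPLE_LOG = """\
2025-01-10T09:00:01Z alice GET /planning_counter/101 200
2025-01-10T09:00:05Z alice GET /planning_counter/103 200
2025-01-10T09:10:00Z bob GET /planning_counter/102 200
2025-01-10T09:12:00Z user7 GET /planning_counter/200 403
2025-01-10T09:12:01Z user7 GET /planning_counter/201 403
2025-01-10T09:12:02Z user7 GET /planning_counter/202 403
2025-01-10T09:12:03Z user7 GET /planning_counter/203 200
2025-01-10T09:12:04Z user7 GET /planning_counter/204 403
not-a-log-line
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<user>\S+) (?P<method>[A-Z]+) "
    r"/planning_counter/(?P<id>\d+) (?P<status>\d{3})$"
)


def parse_log(text):
    """Return (user, counter_id, status) tuples; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m is None:
            continue
        events.append((m["user"], int(m["id"]), int(m["status"])))
    return events


def longest_sequential_run(ids):
    """Length of the longest run of consecutive identifiers in request order."""
    best = run = 1 if ids else 0
    for prev, cur in zip(ids, ids[1:]):
        run = run + 1 if cur == prev + 1 else 1
        best = max(best, run)
    return best


def detect_idor_probing(text, denied_threshold=3, run_threshold=4):
    """Map each flagged user to the reasons they were flagged.

    Two signals from the indicator list: a count of denied (401/403) requests
    at or above denied_threshold, and a run of sequential identifiers at or
    above run_threshold. Successful requests inside a sequential run still
    count, because a hit among denials is exactly the case worth reviewing."""
    per_user_ids = defaultdict(list)
    per_user_denied = defaultdict(int)
    for user, counter_id, status in parse_log(text):
        per_user_ids[user].append(counter_id)
        if status in (401, 403):
            per_user_denied[user] += 1

    findings = {}
    for user, ids in per_user_ids.items():
        reasons = []
        if per_user_denied[user] >= denied_threshold:
            reasons.append(f"{per_user_denied[user]} denied planning_counter requests")
        run = longest_sequential_run(ids)
        if run >= run_threshold:
            reasons.append(f"sequential id run of length {run}")
        if reasons:
            findings[user] = reasons
    return findings


if __name__ == "__main__":
    for user, reasons in detect_idor_probing(SAMPLE_LOG).items():
        print(user, "->", "; ".join(reasons))
```

Thresholds are deliberately low for the constructed sample; on real logs they should be tuned against a baseline of normal planning-counter usage so that a supervisor legitimately walking through a department's counters is not flagged on the sequential-id rule alone.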