CVE-2025-41098
📋 TL;DR
This CVE describes an Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner's general enquiry web service that allows unauthorized access to sensitive data. Attackers can manipulate object references to access information they shouldn't have permission to view. Organizations using BOLD Workplanner versions prior to 2.5.25 are affected.
💻 Affected Systems
- BOLD Workplanner
📦 What is this software?
Bold Workplanner by Boldworkplanner
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of sensitive work planning data, including employee schedules, project details, and confidential business information, potentially leading to data theft, operational disruption, or compliance violations.
Likely Case
Unauthorized access to employee schedules, project assignments, and work planning data, enabling information gathering for social engineering or competitive intelligence.
If Mitigated
Limited or no data exposure if proper access controls and input validation are implemented at the application layer.
🎯 Exploit Status
IDOR vulnerabilities typically require some level of access but are straightforward to exploit once an attacker discovers the pattern.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.5.25 (4935b438f9b)
Vendor Advisory: https://www.incibe.es/en/incibe-cert/notices/aviso/insecure-direct-object-reference-gps-bold-workplanner
Restart Required: Yes
Instructions:
1. Download BOLD Workplanner version 2.5.25 or later.
2. Back up the current installation and data.
3. Apply the update following vendor documentation.
4. Restart the application/service.
5. Verify the fix is applied.
🔧 Temporary Workarounds
Web Application Firewall (WAF) Rules
Implement WAF rules to detect and block suspicious parameter manipulation in the general enquiry web service endpoints.
Access Restriction
Restrict network access to the BOLD Workplanner web service to only authorized users and networks.
🧯 If You Can't Patch
- Implement additional access controls and input validation at the application layer
- Monitor and audit access to the general enquiry web service for suspicious patterns
🔍 How to Verify
Check if Vulnerable:
Check the BOLD Workplanner version in the application interface or configuration files. If the version is earlier than 2.5.25, the system is vulnerable.
Check Version:
Check the application admin interface, or consult vendor documentation for the version-checking method.
Verify Fix Applied:
After patching, verify the version shows 2.5.25 or later and test that object references cannot be manipulated to access unauthorized data.
📡 Detection & Monitoring
Log Indicators:
- Unusual access patterns to general enquiry endpoints
- Multiple failed authorization attempts followed by successful data access
- Requests with manipulated object IDs or parameters
Network Indicators:
- Unusual traffic patterns to /general-enquiry or similar endpoints
- Requests with sequential or predictable object identifiers
SIEM Query:
source="bold-workplanner" AND (url="*/general-enquiry*" OR url="*/enquiry*") AND (status=200 OR status=403) | stats count by user, object_id
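The log and network indicators above (sequential or predictable object identifiers, denials mixed with successful reads) can be turned into a simple per-user enumeration check. The following is an added example, not code from the advisory or the vendor; the log line format and the `?id=` parameter name are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sample access-log lines (not real BOLD Workplanner logs; the
# line format and the ?id= parameter name are assumptions for this example).
SAMPLE_LOG = """\
2025-01-10T09:00:01Z alice 200 GET /general-enquiry?id=1042
2025-01-10T09:00:02Z alice 200 GET /general-enquiry?id=1043
2025-01-10T09:00:03Z alice 403 GET /general-enquiry?id=1044
2025-01-10T09:00:04Z alice 200 GET /general-enquiry?id=1045
2025-01-10T09:00:05Z alice 200 GET /general-enquiry?id=1046
2025-01-10T09:00:06Z alice 200 GET /general-enquiry?id=1047
2025-01-10T09:01:00Z bob 200 GET /general-enquiry?id=2210
2025-01-10T09:05:00Z bob 200 GET /dashboard
2025-01-10T09:06:00Z carol 200 GET /enquiry?id=77
2025-01-10T09:06:30Z carol 200 GET /enquiry?id=3001
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\d{3}) (\S+) (\S+)$")
ENQUIRY_RE = re.compile(r"^/(?:general-)?enquiry\?id=(\d+)$")

def parse(log_text):
    """Yield (user, status, object_id) for requests to the enquiry endpoints."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        _ts, user, status, _method, path = m.groups()
        e = ENQUIRY_RE.match(path)
        if e:
            yield user, int(status), int(e.group(1))

def find_enumerators(log_text, min_ids=5, min_run=4):
    """Flag users who touched >= min_ids distinct object ids or walked >= min_run
    consecutive ids; a 403 inside the run still counts, denial is still probing."""
    ids = defaultdict(list)
    for user, _status, oid in parse(log_text):
        ids[user].append(oid)
    flagged = {}
    for user, seq in ids.items():
        run = best = 1
        for prev, cur in zip(seq, seq[1:]):
            run = run + 1 if cur == prev + 1 else 1
            best = max(best, run)
        distinct = len(set(seq))
        if distinct >= min_ids or best >= min_run:
            flagged[user] = (distinct, best)
    return flagged

FLAGGED = find_enumerators(SAMPLE_LOG)  # {'alice': (6, 6)} on the sample
```

The thresholds are starting points; tune `min_ids` and `min_run` against normal usage of the enquiry service so that legitimate planners paging through their own records are not flagged.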