CVE-2025-41337
📋 TL;DR
An authorization bypass vulnerability in CanalDenuncia.app allows attackers to access other users' information by manipulating the 'web' parameter in a POST request to '/backend/api/buscarSSOParametros.php'. This affects all users of vulnerable CanalDenuncia.app installations.
💻 Affected Systems
- CanalDenuncia.app
📦 What is this software?
Canaldenuncia.app by Canaldenuncia
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of all user data including sensitive personal information, potentially leading to identity theft, regulatory violations, and reputational damage.
Likely Case
Unauthorized access to multiple users' personal information and case details, enabling data harvesting and privacy violations.
If Mitigated
Limited or no data exposure if proper authorization checks and input validation are implemented.
🎯 Exploit Status
Exploitation requires sending crafted POST requests but does not require authentication to the target user accounts.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Not specified in advisory
Vendor Advisory: https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-canaldenunciaapp
Restart Required: No
Instructions:
1. Contact the CanalDenuncia.app vendor for a patched version.
2. Apply authorization checks to '/backend/api/buscarSSOParametros.php'.
3. Validate and sanitize the 'web' parameter input.
4. Implement proper session management and access controls.
🔧 Temporary Workarounds
Web Application Firewall Rule
Block or monitor suspicious POST requests to the vulnerable endpoint.
WAF-specific: configure a rule that inspects POST requests to '/backend/api/buscarSSOParametros.php' for manipulation of the 'web' parameter.
Endpoint Restriction
Restrict access to the vulnerable API endpoint (Linux):
iptables -A INPUT -p tcp --dport 80 -m string --string '/backend/api/buscarSSOParametros.php' --algo bm -j DROP
This string match only works on plaintext HTTP on port 80. On port 443 the request path is inside the TLS payload and cannot be matched by iptables, so for HTTPS apply the equivalent restriction at the TLS-terminating reverse proxy or web server (for example, deny the path there and allow it only from trusted sources).
🧯 If You Can't Patch
- Implement strict network segmentation to isolate the application
- Deploy additional monitoring and alerting for unauthorized access attempts to user data
🔍 How to Verify
Check if Vulnerable:
Test by sending a POST request to '/backend/api/buscarSSOParametros.php' with a manipulated 'web' parameter and checking whether data belonging to another user is returned.
Check Version:
Check application version through admin interface or contact vendor
Verify Fix Applied:
Attempt the same request after patching; it should return an authorization error or no data when the 'web' parameter refers to a user or tenant the caller is not authorized for.
📡 Detection & Monitoring
Log Indicators:
- Multiple POST requests to '/backend/api/buscarSSOParametros.php' with varying 'web' parameter values
- Unusual data access patterns from single IP
Network Indicators:
- POST requests to vulnerable endpoint with parameter manipulation
- Unusual data volume from API endpoint
SIEM Query:
source="web_logs" AND uri_path="/backend/api/buscarSSOParametros.php" AND http_method="POST" AND (parameter_count > normal_baseline OR user_agent_suspicious = true)
Note: normal_baseline and user_agent_suspicious are placeholders, not standard fields; replace them with a baseline count and a user-agent reputation lookup from your own SIEM. Because the 'web' parameter travels in the POST body, the query can only see it if the logging layer (WAF or application) records request body parameters.
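The log indicator above (one source sending many POSTs with varying 'web' values) can be turned into a concrete detection. The following is an added example written for this advisory, not code from CanalDenuncia.app or the vendor; it assumes a WAF or application log that emits one JSON record per request including the POST body parameters (the field names ts, src, method, path and params are assumed), and all sample records are constructed.

```python
import json

ENDPOINT = "/backend/api/buscarSSOParametros.php"

# Constructed sample records, not taken from any real deployment. The 'web'
# parameter is sent in the POST body, so a plain access log would not show it;
# this assumes a WAF or application log that records body parameters as JSON.
SAMPLE_LOG = """\
{"ts":"2025-06-01T10:00:01Z","src":"203.0.113.5","method":"POST","path":"/backend/api/buscarSSOParametros.php","params":{"web":"tenant-a"}}
{"ts":"2025-06-01T10:00:02Z","src":"203.0.113.5","method":"POST","path":"/backend/api/buscarSSOParametros.php","params":{"web":"tenant-b"}}
{"ts":"2025-06-01T10:00:03Z","src":"203.0.113.5","method":"POST","path":"/backend/api/buscarSSOParametros.php","params":{"web":"tenant-c"}}
{"ts":"2025-06-01T10:00:04Z","src":"203.0.113.5","method":"POST","path":"/backend/api/buscarSSOParametros.php","params":{"web":"tenant-d"}}
{"ts":"2025-06-01T10:00:05Z","src":"198.51.100.7","method":"POST","path":"/backend/api/buscarSSOParametros.php","params":{"web":"tenant-a"}}
{"ts":"2025-06-01T10:00:06Z","src":"198.51.100.7","method":"POST","path":"/backend/api/buscarSSOParametros.php","params":{"web":"tenant-a"}}
{"ts":"2025-06-01T10:00:07Z","src":"198.51.100.7","method":"GET","path":"/index.php","params":{}}
this line is deliberately malformed and must be skipped
{"ts":"2025-06-01T10:00:08Z","src":"192.0.2.9","method":"POST","path":"/backend/api/buscarSSOParametros.php","params":{"web":"tenant-a"}}
{"ts":"2025-06-01T10:00:09Z","src":"192.0.2.9","method":"POST","path":"/backend/api/buscarSSOParametros.php","params":{"web":"tenant-b"}}
"""

def parse_records(text):
    """Parse newline-delimited JSON, silently skipping blank or malformed lines."""
    records = []
    for line in text.splitlines():
        try:
            records.append(json.loads(line))
        except json.JSONDecodeError:
            continue  # a broken line must not abort the whole sweep
    return records

def distinct_web_values_by_source(records):
    """Map source IP -> set of distinct 'web' values sent in POSTs to the endpoint."""
    seen = {}
    for r in records:
        if r.get("method") != "POST" or r.get("path") != ENDPOINT:
            continue
        web = (r.get("params") or {}).get("web")
        if web is not None:
            seen.setdefault(r.get("src"), set()).add(web)
    return seen

def flag_enumeration(records, threshold=3):
    """Sources that sent at least `threshold` distinct 'web' values, as (src, count)."""
    by_src = distinct_web_values_by_source(records)
    return sorted((src, len(v)) for src, v in by_src.items() if len(v) >= threshold)

if __name__ == "__main__":
    for src, n in flag_enumeration(parse_records(SAMPLE_LOG)):
        print(f"ALERT {src}: {n} distinct 'web' values against {ENDPOINT}")
```

The threshold is a tuning knob: a legitimate client normally sends one 'web' value for its own site, so even a low count of distinct values from one source over a short window is worth an alert.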