CVE-2025-65742

8.2 HIGH

📋 TL;DR

An unauthenticated Broken Function Level Authorization vulnerability in Newgen OmniDocs v11.0 allows attackers to bypass authentication and access privileged API functions. This enables information disclosure and full account takeover via crafted API requests. Organizations using Newgen OmniDocs v11.0 are affected.

💻 Affected Systems

Products:
  • Newgen OmniDocs
Versions: v11.0
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability affects the LDAP authentication component and requires the system to be configured with LDAP authentication.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete compromise of the OmniDocs system with administrative access, data exfiltration, and potential lateral movement to connected systems.

🟠 Likely Case: Unauthorized access to sensitive documents and user accounts, leading to data breaches and privilege escalation.

🟢 If Mitigated: Limited impact if proper network segmentation and API security controls are implemented.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Proof of concept code is publicly available on GitHub, making exploitation straightforward for attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://newgensoft.com/

Restart Required: No

Instructions:

1. Monitor Newgen's official website for security advisories.
2. Apply the official patch when available.
3. Test in a non-production environment first.

🔧 Temporary Workarounds

Network Access Control

all

Restrict access to OmniDocs API endpoints to trusted IP addresses only.

API Gateway Protection

all

Implement an API gateway with authentication and authorization controls in front of OmniDocs.

🧯 If You Can't Patch

  • Isolate the OmniDocs system in a segmented network zone with strict firewall rules.
  • Implement multi-factor authentication and monitor for suspicious API activity.

🔍 How to Verify

Check if Vulnerable:

Check if you are running Newgen OmniDocs v11.0 with LDAP authentication enabled.

Check Version:

Check the OmniDocs administration interface or configuration files for version information.

Verify Fix Applied:

Verify that unauthorized API requests to privileged endpoints are properly rejected after applying mitigations.

📡 Detection & Monitoring

Log Indicators:

  • Unusual API requests to authentication endpoints
  • Failed authentication attempts followed by successful privileged access

Network Indicators:

  • Unusual traffic patterns to OmniDocs API endpoints from untrusted sources

SIEM Query:

source="omni*" AND (uri="/api/auth*" OR uri="/api/ldap*") AND status=200 AND user="anonymous"
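
The SIEM query and the "failed authentication followed by successful access" indicator above can be combined into one offline check. This is an added example, not vendor or original-page code: the JSON log layout, the `ts` and `src_ip` fields, the 5-minute window and the endpoint names under `/api/auth` and `/api/ldap` are assumptions, and the log lines are constructed.

```python
import json
from datetime import datetime, timedelta

# Constructed sample events, one JSON object per line. uri/status/user mirror
# the SIEM query fields; ts, src_ip and the endpoint names are assumptions.
SAMPLE_LOG = """\
{"ts":"2025-01-10T09:00:01","src_ip":"198.51.100.7","uri":"/api/auth/example","status":401,"user":"anonymous"}
{"ts":"2025-01-10T09:00:05","src_ip":"198.51.100.7","uri":"/api/ldap/example","status":200,"user":"anonymous"}
{"ts":"2025-01-10T09:01:00","src_ip":"192.0.2.10","uri":"/api/auth/example","status":200,"user":"alice"}
{"ts":"2025-01-10T09:02:00","src_ip":"203.0.113.9","uri":"/api/ldap/example","status":200,"user":"anonymous"}
this line is not JSON
{"ts":"2025-01-10T09:30:00","src_ip":"198.51.100.7","uri":"/docs/example","status":200,"user":"anonymous"}
"""

AUTH_PREFIXES = ("/api/auth", "/api/ldap")   # prefixes taken from the SIEM query
WINDOW = timedelta(minutes=5)                # assumed correlation window

def parse(log_text):
    """Return well-formed events sorted by time; malformed lines are skipped."""
    events = []
    for line in log_text.splitlines():
        try:
            e = json.loads(line)
            e["ts"] = datetime.fromisoformat(e["ts"])
            e["status"] = int(e["status"])
        except (ValueError, KeyError, TypeError):
            continue
        events.append(e)
    return sorted(events, key=lambda e: e["ts"])

def detect(events):
    """Flag HTTP 200 for user 'anonymous' on auth/LDAP URIs, noting prior failures."""
    alerts, last_fail = [], {}
    for e in events:
        if not str(e.get("uri", "")).startswith(AUTH_PREFIXES):
            continue
        ip = e.get("src_ip")
        if e["status"] in (401, 403):
            last_fail[ip] = e["ts"]          # remember the latest failed attempt
        elif e["status"] == 200 and e.get("user") == "anonymous":
            prev = last_fail.get(ip)
            recent = prev is not None and e["ts"] - prev <= WINDOW
            alerts.append((ip, e["uri"],
                           "fail-then-anonymous-200" if recent else "anonymous-200"))
    return alerts

if __name__ == "__main__":
    for alert in detect(parse(SAMPLE_LOG)):
        print(alert)
```

Map the field names to whatever your OmniDocs or reverse-proxy access logs actually emit before relying on the output.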
