i2A CronosWeb Direct Object Reference Vulnerability Allowing Document Access

Vulnerability

An insecure direct object reference (IDOR) vulnerability has been identified in i2A's CronosWeb application, in versions prior to 25.00.00.12. It allows authenticated attackers to access documents belonging to other users by manipulating the 'documentCode' parameter in the 'CronosWeb/Modulos/Personas/DocumentosPersonales/AdjuntarDocumentosPersonas' module.

Impact

Exploitation of this vulnerability could lead to unauthorized access to other users' documents.

Remediation

The vulnerability has been fixed in i2A CronosWeb version 25.01, which is available as of December 1, 2025.
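
The flaw class described under Vulnerability comes down to a lookup that trusts the client-supplied 'documentCode' without comparing the document's owner to the session user. The following is an added example, not i2A's code or the vendor's fix; the data model, function names and audit format are assumptions made for illustration. It shows the unchecked lookup beside one with an ownership check, plus a count of denied requests per user for monitoring.

```python
from collections import Counter
from typing import NamedTuple

class Document(NamedTuple):
    code: str       # value carried in the 'documentCode' parameter
    owner_id: int   # user the document belongs to
    name: str

# Constructed sample store keyed by documentCode (not CronosWeb's schema).
DOCUMENTS = {
    "1001": Document("1001", 7, "payslip-user7.pdf"),
    "1002": Document("1002", 8, "contract-user8.pdf"),
}

class Forbidden(Exception):
    """Raised when the caller may not read the requested document."""

def get_document_vulnerable(session_user_id, document_code):
    # IDOR: the session proves the caller is logged in, but the lookup
    # trusts the client-supplied code and never compares the owner, so
    # session_user_id is unused.
    return DOCUMENTS[document_code]

def get_document_checked(session_user_id, document_code, audit):
    doc = DOCUMENTS.get(document_code)
    # Same error for "missing" and "not yours", so the response does not
    # reveal which codes exist.
    if doc is None or doc.owner_id != session_user_id:
        audit.append(("denied", session_user_id, document_code))
        raise Forbidden("document not available")
    audit.append(("read", session_user_id, document_code))
    return doc

def users_over_denial_threshold(audit, threshold=3):
    # Repeated denials from one account suggest someone is cycling
    # through documentCode values; the threshold is an assumed starting point.
    denied = Counter(user for event, user, _ in audit if event == "denied")
    return sorted(user for user, count in denied.items() if count >= threshold)
```

The ownership comparison has to run server-side on every request that accepts the parameter, since the client controls the value.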

Added: Dec 10, 2025, 12:17 PM
Updated: Dec 10, 2025, 12:17 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 4.8
remediation: 7.7
relevance: 1.4
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.