E4 Sistemas Mercatus ERP id resource injection_CVE-2025-9619

6.9 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X

Description

A security flaw has been discovered in E4 Sistemas Mercatus ERP 2.00.019. The affected element is an unknown function of the file /basico/webservice/imprimir-danfe/id/. Performing manipulation results in improper control of resource identifiers. It is possible to initiate the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way.

Basic Information

ID CVE-2025-9619

Source VulDB

Published Aug 29, 2025 at 04:02

Affected Product

Vendor E4 Sistemas

Product Mercatus ERP

Version 2.00.019

Affected Versions E4 Sistemas Mercatus ERP 2.00.019

CWE Classification

CWE-99

References

{
    "lastseen": "",
    "description": "A security flaw has been discovered in E4 Sistemas Mercatus ERP 2.00.019. The affected element is an unknown function of the file /basico/webservice/imprimir-danfe/id/. Performing manipulation results in improper control of resource identifiers. It is possible to initiate the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2025-08-29T04:02:06.330Z",
    "modified": "2025-08-29T04:02:06.330Z",
    "type": "cve",
    "title": "E4 Sistemas Mercatus ERP id resource injection",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.321790\nhttps://vuldb.com/?ctiid.321790\nhttps://vuldb.com/?submit.636623",
    "id": "CVE-2025-9619",
    "bulletinFamily": "",
    "cwe": [
        "CWE-99"
    ],
    "cvelist": null,
    "sourceData": "E4 Sistemas Mercatus ERP 2.00.019",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Mercatus ERP",
    "version": "2.00.019",
    "vendor": "E4 Sistemas",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}