Sistemas Pleno Gestão de Locação CPF validarCpf authorization_CVE-2025-10947

6.9 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

Description

A flaw has been found in Sistemas Pleno Gestão de Locação up to 2025.7.x. The impacted element is an unknown function of the file /api/areacliente/pessoa/validarCpf of the component CPF Handler. Executing manipulation of the argument pes_cpf can lead to authorization bypass. The attack can be executed remotely. The exploit has been published and may be used. Upgrading to version 2025.8.0 is sufficient to resolve this issue. It is advisable to upgrade the affected component.

Basic Information

ID CVE-2025-10947

Source VulDB

Published Sep 25, 2025 at 13:02

Modified Sep 25, 2025 at 13:14

Affected Product

Vendor Sistemas Pleno

Product Gestão de Locação

Version 2025.0

Affected Versions Sistemas Pleno Gestão de Locação 2025.0
Sistemas Pleno Gestão de Locação 2025.1
Sistemas Pleno Gestão de Locação 2025.2
Sistemas Pleno Gestão de Locação 2025.3
Sistemas Pleno Gestão de Locação 2025.4
Sistemas Pleno Gestão de Locação 2025.5
Sistemas Pleno Gestão de Locação 2025.6
Sistemas Pleno Gestão de Locação 2025.7

CWE Classification

CWE-639 CWE-285

References

{
    "lastseen": "",
    "description": "A flaw has been found in Sistemas Pleno Gest\u00e3o de Loca\u00e7\u00e3o up to 2025.7.x. The impacted element is an unknown function of the file /api/areacliente/pessoa/validarCpf of the component CPF Handler. Executing manipulation of the argument pes_cpf can lead to authorization bypass. The attack can be executed remotely. The exploit has been published and may be used. Upgrading to version 2025.8.0 is sufficient to resolve this issue. It is advisable to upgrade the affected component.",
    "published": "2025-09-25T13:02:09.244Z",
    "modified": "2025-09-25T13:14:33.199Z",
    "type": "cve",
    "title": "Sistemas Pleno Gest\u00e3o de Loca\u00e7\u00e3o CPF validarCpf authorization",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.325817\nhttps://vuldb.com/?ctiid.325817\nhttps://vuldb.com/?submit.652282\nhttps://github.com/lfparizzi/CVE-Sistemas_Pleno/tree/main\nhttps://github.com/lfparizzi/CVE-Sistemas_Pleno/tree/main?tab=readme-ov-file#-proofs",
    "id": "CVE-2025-10947",
    "bulletinFamily": "",
    "cwe": [
        "CWE-639",
        "CWE-285"
    ],
    "cvelist": null,
    "sourceData": "Sistemas Pleno Gest\u00e3o de Loca\u00e7\u00e3o 2025.0\nSistemas Pleno Gest\u00e3o de Loca\u00e7\u00e3o 2025.1\nSistemas Pleno Gest\u00e3o de Loca\u00e7\u00e3o 2025.2\nSistemas Pleno Gest\u00e3o de Loca\u00e7\u00e3o 2025.3\nSistemas Pleno Gest\u00e3o de Loca\u00e7\u00e3o 2025.4\nSistemas Pleno Gest\u00e3o de Loca\u00e7\u00e3o 2025.5\nSistemas Pleno Gest\u00e3o de Loca\u00e7\u00e3o 2025.6\nSistemas Pleno Gest\u00e3o de Loca\u00e7\u00e3o 2025.7",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Gest\u00e3o de Loca\u00e7\u00e3o",
    "version": "2025.0",
    "vendor": "Sistemas Pleno",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}