GN4 Publishing System Insecure Direct Object Reference (IDOR) Information Disclosure

8.6 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Description

GN4 Publishing System versions prior to 2.6 contain an insecure direct object reference (IDOR) vulnerability via the API. Authenticated requests to the API's object endpoints allow an authenticated user to request arbitrary user IDs and receive sensitive account data for those users, including the stored password and the account's security question and answer. The exposed recovery data and encrypted password may be used to reset or take over the target account.

AI Analysis

Insecure direct object reference (IDOR) vulnerability in GN4 Publishing System allows authenticated users to access sensitive account data.

Basic Information

ID CVE-2025-34293

Source VulnCheck

Published Oct 24, 2025 at 21:16

Affected Product

Vendor Naviga Global / Miles 33

Product GN4 Publishing System

Affected Versions Naviga Global / Miles 33 GN4 Publishing System 0

CWE Classification

CWE-639

AI Assessment

AI Score 8.6 / 10

AI Severity High

Vendor Naviga Global / Miles 33

Product GN4 Publishing System

Version prior to 2.6

References

{
    "lastseen": "",
    "description": "GN4 Publishing System versions prior to 2.6 contain an insecure direct object reference (IDOR) vulnerability via the API. Authenticated requests to the API's object endpoints allow an authenticated user to request arbitrary user IDs and receive sensitive account data for those users, including the stored password and the account's security question and answer. The exposed recovery data and encrypted password may be used to reset or take over the target account.",
    "published": "2025-10-24T21:16:13.672Z",
    "modified": "2025-10-24T21:16:13.672Z",
    "type": "cve",
    "title": "GN4 Publishing System Insecure Direct Object Reference (IDOR) Information Disclosure",
    "source": "VulnCheck",
    "references": "https://www.miles33.com/news/news/5955/naviga--miles-33--acquisition.html\nhttps://nne.navigacloud.com/GN4Help/gn4_introduction_to_gn4.htm\nhttps://www.miles33.com/section/14/gn4\nhttps://www.vulncheck.com/advisories/gn4-publishing-system-idor-information-disclosure",
    "id": "CVE-2025-34293",
    "bulletinFamily": "",
    "cwe": [
        "CWE-639"
    ],
    "cvelist": null,
    "sourceData": "Naviga Global / Miles 33 GN4 Publishing System 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.6,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "GN4 Publishing System",
    "version": "0",
    "vendor": "Naviga Global / Miles 33",
    "ai_description": "Insecure direct object reference (IDOR) vulnerability in GN4 Publishing System allows authenticated users to access sensitive account data.",
    "ai_severity": "High",
    "ai_vendor": "Naviga Global / Miles 33",
    "ai_product": "GN4 Publishing System",
    "ai_version": "prior to 2.6",
    "ai_score": 8.6
}

GN4 Publishing System Insecure Direct Object Reference (IDOR) Information Disclosure_CVE-2025-34293