9.3
/ 10
CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Description
Bypass vulnerability in the authentication method in the GTT Tax Information System application, related to the Active Directory (LDAP) login method.
Authentication is performed through a local WebSocket, but the web application does not properly validate the authenticity or origin of the data received, allowing an attacker with access to the local machine or internal network to impersonate the legitimate WebSocket and inject manipulated information.
Exploiting this vulnerability could allow an attacker to authenticate as any user in the domain, without the need for valid credentials, compromising the confidentiality, integrity, and availability of the application and its data.
Authentication is performed through a local WebSocket, but the web application does not properly validate the authenticity or origin of the data received, allowing an attacker with access to the local machine or internal network to impersonate the legitimate WebSocket and inject manipulated information.
Exploiting this vulnerability could allow an attacker to authenticate as any user in the domain, without the need for valid credentials, compromising the confidentiality, integrity, and availability of the application and its data.
AI Analysis
Bypass vulnerability in the authentication method of the GTT Tax Information System application
Basic Information
ID
CVE-2025-13953
Source
INCIBE
Published
Dec 10, 2025 at 11:27
Modified
Dec 10, 2025 at 11:28
Affected Product
Vendor
GTT
Product
Sistema de Información Tributario
Version
All versions
Affected Versions
GTT Sistema de Información Tributario All versions
CWE Classification
AI Assessment
AI Score
9.3 / 10
AI Severity
Critical
Vendor
GTT
Product
Sistema de Información Tributario
Version
All versions