CVE 8.7 HIGH

Multiple vulnerabilities in Viafirma products_CVE-2025-41078

January 12, 2026 invoker category_cve

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N

Description

Weaknesses in the authorization mechanisms of Viafirma Documents v3.7.129 allow an authenticated user without privileges to list and access other user data, use user creation, modification, and deletion features, and escalate privileges by impersonating other users of the application in the generation and signing of documents.

AI Analysis

Authorization mechanism weaknesses allowing privilege escalation and unauthorized data access

Basic Information

ID CVE-2025-41078

Source INCIBE

Published Jan 12, 2026 at 14:59

Modified Jan 12, 2026 at 16:23

Affected Product

Vendor Viafirma

Product Viafirma Documents

Version v3.7.129

Affected Versions Viafirma Viafirma Documents v3.7.129

CWE Classification

CWE-863

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor Viafirma

Product Viafirma Documents

Version v3.7.129

References

www.incibe.es /en/incibe-cert/notices/aviso/multiple-vulnerabilities-viafirma-products

{
    "lastseen": "",
    "description": "Weaknesses in the authorization mechanisms of Viafirma Documents v3.7.129 allow an authenticated user without privileges to list and access other user data, use user creation, modification, and deletion features, and escalate privileges by impersonating other users of the application in the generation and signing of documents.",
    "published": "2026-01-12T14:59:26.385Z",
    "modified": "2026-01-12T16:23:16.534Z",
    "type": "cve",
    "title": "Multiple vulnerabilities in Viafirma products",
    "source": "INCIBE",
    "references": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-viafirma-products",
    "id": "CVE-2025-41078",
    "bulletinFamily": "",
    "cwe": [
        "CWE-863"
    ],
    "cvelist": null,
    "sourceData": "Viafirma Viafirma Documents v3.7.129",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Viafirma Documents",
    "version": "v3.7.129",
    "vendor": "Viafirma",
    "ai_description": "Authorization mechanism weaknesses allowing privilege escalation and unauthorized data access",
    "ai_severity": "High",
    "ai_vendor": "Viafirma",
    "ai_product": "Viafirma Documents",
    "ai_version": "v3.7.129",
    "ai_score": 8.7
}

💭 Join the Security Discussion ❌ Cancel Reply