Weak encryption on Funambol’s cloud server_CVE-2025-41351

6 / 10

MEDIUM

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Description

Vulnerability that allows a Padding Oracle Attack to be performed on the Funambol v30.0.0.20 cloud server. The thumbnail display URL allows an attacker to decrypt and encrypt the parameters used by the application to generate ‘self-signed’ access URLs.

Basic Information

ID CVE-2025-41351

Source INCIBE

Published Jan 28, 2026 at 10:43

Affected Product

Vendor Funambol

Product Cloud Server

Version 30.0.0.20

Affected Versions Funambol Cloud Server 30.0.0.20

CWE Classification

CWE-649

References

www.incibe.es /en/incibe-cert/notices/aviso/weak-encryption-funambols-cloud-server

{
    "lastseen": "",
    "description": "Vulnerability that allows a Padding Oracle Attack to be performed on the Funambol v30.0.0.20 cloud server. The thumbnail display URL allows an attacker to decrypt and encrypt the parameters used by the application to generate \u2018self-signed\u2019 access URLs.",
    "published": "2026-01-28T10:43:15.171Z",
    "modified": "2026-01-28T10:43:15.171Z",
    "type": "cve",
    "title": "Weak encryption on Funambol's cloud server",
    "source": "INCIBE",
    "references": "https://www.incibe.es/en/incibe-cert/notices/aviso/weak-encryption-funambols-cloud-server",
    "id": "CVE-2025-41351",
    "bulletinFamily": "",
    "cwe": [
        "CWE-649"
    ],
    "cvelist": null,
    "sourceData": "Funambol Cloud Server 30.0.0.20",
    "sourceHref": "",
    "cvss": {
        "score": 6,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Cloud Server",
    "version": "30.0.0.20",
    "vendor": "Funambol",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}