CVE-2025-10947 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

A flaw has been found in Sistemas Pleno Gestão de Locação up to 2025.7.x. The impacted element is an unknown function of the file /api/areacliente/pessoa/valida…
Medium CVSS: 5.5

CVE-2025-10947

A flaw has been found in Sistemas Pleno Gestão de Locação up to 2025.7.x. The impacted element is an unknown function of the file /api/areacliente/pessoa/validarCpf of the component CPF Handler. Executing a manipulation of the argument pes_cpf can lead to authorization bypass. The attack can be executed remotely. The exploit has been published and may be used. Upgrading to version 2025.8.0 is sufficient to resolve this issue. It is advisable to upgrade the affected component.
Vendor
-
Product
-
CWE
CWE-285
Yayın Tarihi
2025-09-25 13:15:31
Güncelleme
2026-03-25 13:16:24
Source Identifier
cna@vuldb.com
KEV Date Added
-

Kategoriler

CWE-285 MEDIUM 2025

Referanslar

https://github.com/lfparizzi/CVE-Sistemas_Pleno/tree/main https://github.com/lfparizzi/CVE-Sistemas_Pleno/tree/main?tab=readme-ov-file#-proofs https://vuldb.com/?ctiid.325817 https://vuldb.com/?id.325817 https://vuldb.com/?submit.652282 https://github.com/lfparizzi/CVE-Sistemas_Pleno/tree/main https://github.com/lfparizzi/CVE-Sistemas_Pleno/tree/main?tab=readme-ov-file#-proofs