CVE-2025-12461 MEDIUM

CVE-2025-12461: Unprotected access to parts of the application in Epsilon RH by Grupo Castilla

Vendor Grupo Castilla
Product Epsilon RH
Weakness CWE-522 · Insufficiently protected credentials
Published October 29, 2025
Last update October 29, 2025

CVSS base score

6.9/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

This vulnerability allows an attacker to access parts of the application that are not protected by any type of access control. The attacker could access this path ‘…/epsilonnet/License/About.aspx’ and obtain information on both the licence and the configuration of the product by knowing which modules are installed.

Key dates

02Disclosure timeline

October 29, 2025 CVE published
October 29, 2025 Record updated