CVE-2025-41094 HIGH

CVE-2025-41094: Insecure Direct Object Reference in GPS BOLD Workplanner

Vendor Global Planning Solutions S.l (Gps)
Product BOLD Workplanner
Weakness CWE-639 · IDOR
Published September 30, 2025
Last update September 30, 2025

CVSS base score

7.1/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01 Description

Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner versions prior to 2.5.25 (4935b438f9b). A lack of adequate validation of user input allows an authenticated user to access functional contract details using unauthorised internal identifiers.

Key dates

02 Disclosure timeline

September 30, 2025 CVE published
September 30, 2025 Record updated