CVE-2025-41338 HIGH

CVE-2025-41338: Missing Authorization vulnerability in CanalDenuncia.app

Vendor Canaldenuncia

Product CanalDenuncia.app

Weakness CWE-862 · Missing authorization

Published November 4, 2025

Last update November 4, 2025

View on NVD All CVEs

CVSS base score

8.7/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameters 'id_denuncia' and 'id_user' in '/backend/api/buscarTestigoByIdDenunciaUsuario.php'.

Key dates

02Disclosure timeline

November 4, 2025 CVE published

November 4, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-41338

Related vulnerabilities

04Related CVE

CVE-2025-64212 WordPress MasterStudy LMS Pro plugin < 4.7.16 - Broken Access Control vulnerability CVE-2023-4105 Attachment of deleted message in a thread remains accessible and downloadable CVE-2025-9218 rtMedia for WordPress, BuddyPress and bbPress 4.7.0 - 4.7.3 - Missing Authorization to Unauthenticated Information Disclosure via handle_rest_pre_dispatch Function CVE-2025-62079 WordPress WP Export Categories & Taxonomies plugin <= 1.0.3 - Broken Access Control vulnerability CVE-2020-36833 Indeed Membership Pro 7.3 - 8.6 - Missing Authorization Checks