CVE-2025-41404 MEDIUM

CVE-2025-41404

Vendor Iroha Soft Co., Ltd.
Product iroha Board
Weakness CWE-425 · Forced browsing
Published June 26, 2025
Last update June 26, 2025

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

Direct request ('Forced Browsing') issue exists in iroha Board versions v0.10.12 and earlier. If this vulnerability is exploited, non-public contents may be viewed by an attacker who can log in to the affected product.

Key dates

02Disclosure timeline

June 26, 2025 CVE published
June 26, 2025 Record updated