CVE-2025-62362 MEDIUM

CVE-2025-62362: Name and e-mail of employee that has done a publication is discoverable in gpp-burgerportaal

Vendor Gpp-Woo
Product GPP-burgerportaal
Weakness CWE-359
Published October 13, 2025
Last update October 14, 2025
View on NVD All CVEs

CVSS base score

6.9/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N

What the vulnerability does

01Description

gpp-burgerportaal is a Dutch government citizen portal application. In versions before 2.0.3, 3.0.2, and 4.0.1, the name and email address of employees who publish content are exposed in network responses and can be discovered by viewing the browser's developer tools network tab. This information disclosure may violate employee privacy expectations and could be used for targeted attacks or unwanted contact. This issue has been patched in versions 2.0.3, 3.0.2, and 4.0.1. No known workarounds exist.

Key dates

02Disclosure timeline

October 13, 2025 CVE published
October 14, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-6053 Improper access control in the clipboard synchronization feature CVE-2024-29986 Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability CVE-2024-13217 Jeg Elementor Kit <= 2.6.11 - Authenticated (Contributor+) Sensitive Information Exposure via Countdown and Off-Canvas CVE-2025-24355 Updatecli may expose Maven credentials in console output CVE-2022-1365 Exposure of Private Personal Information to an Unauthorized Actor in lquixada/cross-fetch