CVE-2025-41012: CWE-862 Missing Authorization in TCMAN GIM
Unauthorized access vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system by using the 'pda:userId' and 'pda:newPassword' parameters with 'soapaction UnlockUser’ in '/WS/PDAWebService.asmx'.
CVE-2025-41012: CWE-862 Missing Authorization in TCMAN GIM
Description
Unauthorized access vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system by using the 'pda:userId' and 'pda:newPassword' parameters with 'soapaction UnlockUser’ in '/WS/PDAWebService.asmx'.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- INCIBE
- Date Reserved
- 2025-04-16T09:08:43.217Z
- Cvss Version
- 4.0
- State
- PUBLISHED
Threat ID: 692ee9715ae7112264cd39c7
Added to database: 12/2/2025, 1:28:17 PM
Last updated: 12/2/2025, 1:28:19 PM
Views: 1
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Related Threats
CVE-2025-40700: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in IDI Eikon Governalia
MediumCVE-2025-11789: CWE-125 Out-of-bounds Read in SGE-PLC1000 SGE-PLC50 Circutor
HighCVE-2025-11788: CWE-122 Heap-based Buffer Overflow in SGE-PLC1000 SGE-PLC50 Circutor
HighCVE-2025-11787: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in SGE-PLC1000 SGE-PLC50 Circutor
HighCVE-2025-11786: CWE-121: Stack-based Buffer Overflow in SGE-PLC1000 SGE-PLC50 Circutor
HighActions
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.