CVE-2025-34293
GN4 Publishing System Insecure Direct Object Reference (IDOR) Information Disclosure
| CVSS Score | 0.0 |
| EPSS Score | 0.0% |
| EPSS Percentile | 0th |
GN4 Publishing System versions prior to 2.6 contain an insecure direct object reference (IDOR) vulnerability via the API. Authenticated requests to the API's object endpoints allow an authenticated user to request arbitrary user IDs and receive sensitive account data for those users, including the stored password and the account's security question and answer. The exposed recovery data and encrypted password may be used to reset or take over the target account.
| CWE | CWE-639 |
| Vendor | Naviga Global / Miles 33 |
| Product | GN4 Publishing System |
| Published | Oct 24, 2025 |
| Last Updated | May 14, 2026 |
Affected Versions
Naviga Global / Miles 33 / GN4 Publishing System
0 < 2.6
References
miles33.com: https://www.miles33.com/news/news/5955/naviga--miles-33--acquisition.html
nne.navigacloud.com: https://nne.navigacloud.com/GN4Help/gn4_introduction_to_gn4.htm
miles33.com: https://www.miles33.com/section/14/gn4
vulncheck.com: https://www.vulncheck.com/advisories/gn4-publishing-system-idor-information-disclosure
Credits
Victor A. Morales, Senior Pentester Team Leader, GMSecTec Inc.
Omar Crespo, Pentester, GMSecTec Inc.