πŸ” CVE Alert

CVE-2025-40646

UNKNOWN 0.0

Exposure of sensitive information in Viday

CVSS Score
0.0
EPSS Score
0.2%
EPSS Percentile
9th

Exposure of sensitive information in Viday. This vulnerability could allow an attacker to obtain sensitive information about customers by intercepting HTTP requests and searching for the JWT containing sensitive user information in the JWT payload.

CWE CWE-200
Vendor viday
Product viday
Published Oct 2, 2025
Last Updated Jul 15, 2026
Stay Ahead of the Next One

Get instant alerts for viday viday

Be the first to know when new unknown vulnerabilities affecting viday viday are published β€” delivered to Slack, Telegram or Discord.

Get Free Alerts β†’ Free Β· No credit card Β· 60 sec setup

Affected Versions

ViDay / ViDay
all versions

References

NVD β†— CVE.org β†— EPSS Data β†—
incibe.es: https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-viday

Credits

Carolina GΓ³mez Uriarte Gema de la Fuente Romero