Account Impersonation Vulnerability in Therefore Corporation GmbH Products
CVE-2025-11843

8.8HIGH

Key Information:

Vendor: Therefore Corporation Gmbh
Status: Therefore Online And Therefore On-premises
Vendor: CVE Published:; 31 October 2025

🔔 Create Therefore Corporation Gmbh Vulnerability Alert

What is CVE-2025-11843?

Therefore Corporation GmbH has identified a vulnerability in Therefore™ Online and Therefore™ On-Premises that allows a malicious actor to impersonate a web service account or a service account utilizing the API connection to Therefore™ Server. This risk enables unauthorized access to documents stored within the platform, as the impersonation occurs at the application access level, posing a significant threat to data security. Users are advised to implement recommended mitigations to safeguard their systems.

Affected Version(s)

Therefore Online and Therefore On-Premises Windows 0 <= 2025

References

https://www.canon-europe.com/psirt/advisory-information/

vendor-advisorymitigation

CVSS V4

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 31, 2025
Vulnerability Reserved
Oct 16, 2025

JSON