Insecure Direct Object Reference in DeporSite Affects T-INNOVA Products
CVE-2025-41069

5.3MEDIUM

Key Information:

Vendor: T-innova Deporsite
Status: Dsuite 2025
Vendor: CVE Published:; 13 November 2025

🔔 Create T-innova Deporsite Vulnerability Alert

What is CVE-2025-41069?

An Insecure Direct Object Reference vulnerability exists in DeporSite by T-INNOVA. This issue allows attackers to gain unauthorized access to or modify sensitive resources. By manipulating the 'idUsuario' parameter within the AJAX call to '/ajax/TInnova_v2/Formulario_Consentimiento/llamadaAjax/obtenerDatosConsentimientos', an attacker could potentially expose or alter confidential data, leading to serious security breaches. Proper access controls must be implemented to safeguard against this vulnerability.

Affected Version(s)

DSuite 2025 v02.14.1115

References

https://www.incibe.es/en/incibe-cert/notices/aviso/insecu...

CVSS V4

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 13, 2025
Vulnerability Reserved
Apr 16, 2025

Credit

Pau Valls Peleteiro

JSON