Insecure Direct Object Reference in BOLD Workplanner Affects User Data Access
CVE-2025-41092

7.1HIGH

Key Information:

Vendor: Global Planning Solutions S.l (gps)
Status: Bold Workplanner
Vendor: CVE Published:; 30 September 2025

🔔 Create Global Planning Solutions S.l (gps) Vulnerability Alert

What is CVE-2025-41092?

An Insecure Direct Object Reference vulnerability in BOLD Workplanner allows authorized users to bypass restrictions and access time records by manipulating internal identifiers. This flaw stems from insufficient input validation, presenting a significant risk of unauthorized data exposure.

Affected Version(s)

BOLD Workplanner 2.5.24

References

https://www.incibe.es/en/incibe-cert/notices/aviso/insecu...

CVSS V4

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 30, 2025
Vulnerability Reserved
Apr 16, 2025

Credit

Ángel González

JSON