Insecure Direct Object Reference in BOLD Workplanner by BOLD Technologies
CVE-2025-41098

7.1HIGH

Key Information:

Vendor: Global Planning Solutions S.l (gps)
Status: Bold Workplanner
Vendor: CVE Published:; 30 September 2025

🔔 Create Global Planning Solutions S.l (gps) Vulnerability Alert

What is CVE-2025-41098?

An Insecure Direct Object Reference (IDOR) vulnerability exists in BOLD Workplanner prior to version 2.5.25. This issue allows unauthorized access to sensitive resources via the misuse of a general enquiry web service, potentially exposing data to malicious actors. Users of affected versions should update to mitigate this security risk.

Affected Version(s)

BOLD Workplanner 2.5.24

References

https://www.incibe.es/en/incibe-cert/notices/aviso/insecu...

CVSS V4

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 30, 2025
Vulnerability Reserved
Apr 16, 2025

Credit

Ángel González

JSON