Authorization Flaw in CanalDenuncia.app Exposes User Data
CVE-2025-41112

8.7HIGH

Key Information:

Vendor: Canaldenuncia
Status: Canaldenuncia.app
Vendor: CVE Published:; 4 November 2025

🔔 Create Canaldenuncia Vulnerability Alert

What is CVE-2025-41112?

A security flaw has been identified in CanalDenuncia.app that allows attackers to gain unauthorized access to users' sensitive information. This vulnerability arises from improper authorization controls within the application. By exploiting this flaw, an attacker can send a crafted POST request through the 'web' parameter in the endpoint '/backend/api/buscarConfiguracionParametros2.php', which enables access to the information of other users without permission. Such vulnerabilities pose significant risks to user privacy and data integrity, and users are advised to ensure that they are on secure versions of the application and to monitor for any unusual activities.

Affected Version(s)

CanalDenuncia.app 0 < 4.4.8

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multip...

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 4, 2025
Vulnerability Reserved
Apr 16, 2025

Credit

David Utón Amaya (m3n0sd0n4ld)

JSON