Authorization Flaw in CanalDenuncia.app Exposes User Data
CVE-2025-41338

8.7HIGH

Key Information:

Vendor: Canaldenuncia
Status: Canaldenuncia.app
Vendor: CVE Published:; 4 November 2025

🔔 Create Canaldenuncia Vulnerability Alert

What is CVE-2025-41338?

An authorization flaw has been identified in CanalDenuncia.app that permits unauthorized access to sensitive user information. By manipulating POST requests with the parameters 'id_denuncia' and 'id_user' in the '/backend/api/buscarTestigoByIdDenunciaUsuario.php' endpoint, attackers can retrieve data belonging to other users. This poses a significant risk to user privacy and data integrity.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

CanalDenuncia.app 0 < 4.4.8

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multip...

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Nov 4, 2025
Vulnerability Reserved
Apr 16, 2025

Credit

David Utón Amaya (m3n0sd0n4ld)

JSON

Canaldenuncia

What is CVE-2025-41338?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V4

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.