Authorization Bypass Vulnerability in CanalDenuncia.app
CVE-2025-41343

8.7HIGH

Key Information:

Vendor: Canaldenuncia
Status: Canaldenuncia.app
Vendor: CVE Published:; 4 November 2025

🔔 Create Canaldenuncia Vulnerability Alert

What is CVE-2025-41343?

A significant authorization bypass vulnerability has been discovered in CanalDenuncia.app. This issue allows unauthorized users to gain access to sensitive information belonging to other users by exploiting a flaw in the application's API. By sending a specially crafted POST request through the 'email' parameter in '/backend/api/users/searchUserByEmail.php', an attacker can retrieve personal data that should remain protected. This vulnerability raises serious concerns regarding user privacy and requires immediate attention to safeguard against potential data breaches.

Affected Version(s)

CanalDenuncia.app 0 < 4.4.8

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multip...

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 4, 2025
Vulnerability Reserved
Apr 16, 2025

Credit

David Utón Amaya (m3n0sd0n4ld)

JSON