Direct Request Vulnerability in iroha Board by IrohaSoft
CVE-2025-41404

5.3 MEDIUM

Key Information:

Vendor
CVE Published: 26 June 2025

What is CVE-2025-41404?

A direct request (forced browsing) vulnerability has been identified in iroha Board. An attacker with valid login credentials can use forced browsing to gain unauthorized access to non-public content, which poses significant privacy and data security risks for users on versions v0.10.12 and earlier. Organizations using this product should promptly assess their security posture and implement necessary measures to mitigate potential threats.

Affected Version(s)

iroha Board versions v0.10.12 and earlier

CVSS V4

Score: 5.3
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

CVSS V3.0

Score: 4.3
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
