Insecure Direct Object Reference in Envasadora H2O Eireli Product
CVE-2025-52389

8.8HIGH

Key Information:

Vendor: Envasadora H2O Eireli
Status: Soda Cristal
Vendor: CVE Published:; 8 September 2025

🔔 Create Envasadora H2O Eireli Vulnerability Alert

What is CVE-2025-52389?

An Insecure Direct Object Reference (IDOR) vulnerability in the Soda Cristal product by Envasadora H2O Eireli allows authenticated attackers to exploit the application. By crafting specific HTTP requests, attackers can gain unauthorized access to sensitive data belonging to other users, potentially leading to data breaches and privacy violations. It is crucial for users and administrators to review security practices and apply necessary updates to mitigate this issue.

References

https://www.app.sodacristal.com.br

https://github.com/ktr4ck3r/CVE-2025-52389

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 8, 2025
Vulnerability Reserved
Jun 16, 2025