CVE-2025-41014 – User Enumeration vulnerability in TCMAN GIM

CVE ID : CVE-2025-41014

Published : Dec. 2, 2025, 1:18 p.m. | 1 hour, 7 minutes ago

Description : User Enumeration Vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system. The vulnerability is exploitable through the ‘pda:username’ parameter with ‘soapaction GetLastDatePasswordChange’ in ‘/WS/PDAWebService.asmx’.

Severity: 6.9 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…