CVE-2025-41012 – Unauthorized access vulnerability in TCMAN GIM

CVE ID : CVE-2025-41012

Published : Dec. 2, 2025, 1:15 p.m. | 1 hour, 10 minutes ago

Description : Unauthorized access vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system by using the ‘pda:userId’ and ‘pda:newPassword’ parameters with ‘soapaction UnlockUser’ in ‘/WS/PDAWebService.asmx’.

Severity: 8.7 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2025-41066 – Disclosure of sensitive information in Horde Groupware

CVE-2025-13731 – Nexter Extension

CVE-2025-13295 – Sensitive Data Exposure in ArgusTech’s BILGER

CVE-2025-41086 – Authorization bypass in GAMS from GAMS Development Corp.