CVE-2025-11843 – Therefore™ Online and Therefore™ On-Premises contains an account impersonation issue, which could potentially allow the attacker to access all the stored data

CVE ID : CVE-2025-11843

Published : Oct. 31, 2025, 10:15 a.m. | 1 hour, 11 minutes ago

Description : Therefore Corporation GmbH has recently become aware that Therefore™ Online and Therefore™ On-Premises contain an account impersonation vulnerability. A malicious user may potentially be able to impersonate the web service account or the account of a service using the API when connecting to the Therefore™ Server. If the malicious user gains this impersonation user access, then it is possible for them to access the documents stored in Therefore™. This impersonation is at application level (Therefore access level), not the operating system level.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…