{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-11T07:22:40.936","vulnerabilities":[{"cve":{"id":"CVE-2025-2306","sourceIdentifier":"a341c0d1-ebf7-493f-a84e-38cf86618674","published":"2025-05-16T13:15:52.307","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"An Improper Access Control vulnerability was\nidentified in the file download functionality. This vulnerability allows users\nto download sensitive documents without authentication, if the URL is known.\n\n\n\nThe attack\nrequires the attacker to know the documents UUIDv4."},{"lang":"es","value":"Se identificó una vulnerabilidad de control de acceso inadecuado en la funcionalidad de descarga de archivos. Esta vulnerabilidad permite a los usuarios descargar documentos confidenciales sin autenticación si se conoce la URL. El ataque requiere que el atacante conozca el UUIDv4 de los documentos."}],"metrics":{"cvssMetricV31":[{"source":"a341c0d1-ebf7-493f-a84e-38cf86618674","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}]},"weaknesses":[{"source":"a341c0d1-ebf7-493f-a84e-38cf86618674","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"references":[{"url":"https://www.cirosec.de/sa/sa-2025-004","source":"a341c0d1-ebf7-493f-a84e-38cf86618674"}]}}]}