CVE-2025-3574 Information

Description

Insecure Direct Object Reference vulnerability in Deporsite from T-INNOVA allows an attacker to retrieve sensitive information from others users via \idUsuario\ parameter in /helper/Familia/obtenerFamiliaUsuario\ endpoint.

Reference

https://www.incibe.es/en/incibe-cert/notices/aviso/insecure-direct-object-reference-deporsite-t-innova