CVE-2025-40669 Information

Description

Incorrect authorization vulnerability in TCMAN’s GIM v11. This vulnerability allows an unprivileged attacker to modify the permissions held by each of the application’s users including the user himself by sending a POST request to /PC/Options.aspx?Command=2&Page=-1.

Reference

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-tcman-gim-1