CVE-2025-4762
Description
Insecure Direct Object Reference (IDOR) vulnerability in the eSignaViewer component in eSigna product versions 1.0 to 1.5 on all platforms allows an unauthenticated attacker to access arbitrary files in the document system via manipulation of file paths and object identifiers.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Insecure Direct Object Reference in eSignaViewer allows unauthenticated attackers to access arbitrary files via manipulation of file paths and object identifiers.
An Insecure Direct Object Reference (IDOR) vulnerability exists in the eSignaViewer component of eSigna product versions 1.0 to 1.5. The vulnerability stems from insufficient authorization checks on user-controlled object references, such as document IDs and file paths, allowing attackers to bypass intended access controls.
An unauthenticated attacker can exploit this by crafting malicious requests that manipulate file paths or object identifiers to access arbitrary files in the document system. No authentication is required, and the attack can be performed remotely over the network.
Successful exploitation enables unauthorized reading of potentially sensitive files stored in the document system, which could lead to data exposure and regulatory compliance violations. However, the overall impact is considered low severity.
Lleidanet PKI has released patched versions of eSignaViewer that implement stronger input validation and robust authorization controls. Organizations are strongly advised to upgrade to the latest versions and adopt complementary security measures such as logging suspicious activities and performing regular security audits [1].
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References (1)
News mentions (0)
No linked articles in our index yet.