CVE-2025-4762

Severity CVSS v4.0:

LOW

Type:

CWE-20 Input Validation

Publication date:

15/05/2025

Last modified:

15/04/2026

Description

Insecure Direct Object Reference (IDOR) vulnerability in the eSignaViewer component in eSigna product versions 1.0 to 1.5 on all platforms allow an unauthenticated attacker to access arbitrary files in the document system via manipulation of file paths and object identifiers.

Impact

Vector 4.0

CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N CVSS v4.0 Severity and Metrics:

Base Score: 2.00 LOW
Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N

Attack Vector (AV): Network
Attack Complexity (AC): High
Attack Requirements (AT): None
Privileges Required (PR): Low
User Interaction (UI): Active
Confidentiality (VC): Low
Integrity (VI): None
Availability (VA): None
Confidentiality (SC): Low
Integrity (SI): None
Availability (SA): None

Base Score 4.0

2.00

Severity 4.0

LOW

References to Advisories, Solutions, and Tools

https://edgewatch.com/vulnerability-advisories/path-traversal-and-idor-vulnerabilities-in-esignaviewer-allow-unauthorized-file-access/