CVE-2025-69907

Gravedad:

Pendiente de análisis

Tipo:

No Disponible / Otro tipo

Fecha de publicación:

23/01/2026

Última modificación:

23/01/2026

Descripción

*** Pendiente de traducción *** An unauthenticated information disclosure vulnerability exists in Newgen OmniDocs due to missing authentication and access control on the /omnidocs/GetListofCabinet API endpoint. A remote attacker can access this endpoint without valid credentials to retrieve sensitive internal configuration information, including cabinet names and database-related metadata. This allows unauthorized enumeration of backend deployment details and may facilitate further targeted attacks.

Impacto

Referencias a soluciones, herramientas e información

https://github.com/CBx216/CVE-Newgen-Software-Advisories/blob/main/CVE-2025-69907.md
https://newgensoft.com/