Cyber Resilience

CVE-2025-1642

MediumPublic PoC

Published: 25 February 2025

Published
25 February 2025
Modified
28 February 2025
KEV Added
Patch
CVSS Score v4 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0056 68.7th percentile
Risk Priority 11 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-1642 is a medium-severity Resource Injection (CWE-99) vulnerability in Modernasistemas Modernanet. Its CVSS base score is 5.3 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 31.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2025-1642 is a critical vulnerability in Benner ModernaNet versions up to 1.1.0, affecting unknown code in the file /AGE0000700/GetImageMedico?fooId=1. The issue stems from improper control of resource identifiers (CWE-99, NVD-CWE-Other), triggered by manipulation of the fooId argument. It has a CVSS v3.1 base score of 4.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N), indicating medium severity with network accessibility and low attack complexity.

A remote attacker with low privileges (PR:L) can exploit this vulnerability without user interaction. Successful exploitation allows limited disclosure of confidential information (C:L), such as unauthorized access to resources via injected identifiers, but does not impact integrity or availability.

VulDB advisories recommend upgrading to Benner ModernaNet version 1.1.1 to address the issue. Additional details are available in the referenced sources, including https://github.com/yago3008/cves, https://vuldb.com/?ctiid.296692, https://vuldb.com/?id.296692, and https://vuldb.com/?submit.499877.

EU & UK References

Vulnerability details

A vulnerability was found in Benner ModernaNet up to 1.1.0. It has been declared as critical. This vulnerability affects unknown code of the file /AGE0000700/GetImageMedico?fooId=1. The manipulation of the argument fooId leads to improper control of resource identifiers. The attack…

more

can be initiated remotely. Upgrading to version 1.1.1 is able to address this issue. It is recommended to upgrade the affected component.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

IDOR vulnerability (improper control of resource identifiers) in public-facing web endpoint /AGE0000700/GetImageMedico enables remote exploitation to access unauthorized sensitive data (e.g., doctor images, details) by manipulating fooId.

CVEs Like This One

CVE-2025-1643Same product: Modernasistemas Modernanet
CVE-2025-1641Same product: Modernasistemas Modernanet
CVE-2025-1640Same product: Modernasistemas Modernanet
CVE-2026-3693Shared CWE-99
CVE-2023-6605Shared CWE-99
CVE-2024-57971Shared CWE-99
CVE-2024-5706Shared CWE-99

Affected Assets

modernasistemas
modernanet
≤ 1.1.1

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Validates the fooId parameter to ensure only legitimate resource identifiers are accepted, directly preventing manipulation that leads to unauthorized information disclosure.

prevent

Enforces approved access authorizations on system resources, blocking unauthorized access even when manipulated identifiers like fooId are provided by low-privilege remote attackers.

prevent

Identifies and applies flaw remediation such as upgrading to Benner ModernaNet 1.1.1, eliminating the improper resource identifier control vulnerability.

References