CVE-2025-13953

Published: Dec 10, 2025

Modified: Dec 10, 2025

PUBLISHED

Description

Bypass vulnerability in the authentication method in the GTT Tax Information System application, related to the Active Directory (LDAP) login method. Authentication is performed through a local WebSocket, but the web application does not properly validate the authenticity or origin of the data received, allowing an attacker with access to the local machine or internal network to impersonate the legitimate WebSocket and inject manipulated information. Exploiting this vulnerability could allow an attacker to authenticate as any user in the domain, without the need for valid credentials, compromising the confidentiality, integrity, and availability of the application and its data.

Vendor	Product	Versions
GTT	Sistema de Información Tributario	affected `All versions`

Weaknesses (CWE)

CWE-290

References

https://www.incibe.es/en/incibe-cert/notices/aviso/bypass-authentication-method-gtt-sistema-de-informacion-tributario

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-13953

Description

Affected Products

Weaknesses (CWE)

References