QwikSec

Security Database

CVE

CWE

Training

CVE-2025-41012

Published: Dec 2, 2025

Modified: Dec 2, 2025

PUBLISHED

Description

Unauthorized access vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system by using the 'pda:userId' and 'pda:newPassword' parameters with 'soapaction UnlockUser’ in '/WS/PDAWebService.asmx'.

Vendor	Product	Versions
TCMAN	GIM	affected `0 - < 20250304`

Weaknesses (CWE)

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-tcman-gim-2

patch

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.