QwikSec

Security Database

CVE

CWE

Training

CVE-2025-41014

Published: Dec 2, 2025

Modified: Dec 2, 2025

PUBLISHED

Description

User Enumeration Vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system. The vulnerability is exploitable through the 'pda:username' parameter with 'soapaction GetLastDatePasswordChange' in '/WS/PDAWebService.asmx'.

Vendor	Product	Versions
TCMAN	GIM	affected `0 - < 20250304`

Weaknesses (CWE)

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-tcman-gim-2

patch

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.