CVE-2025-10947 | Sistemas Pleno Gestão de Locação up to 2025.7.x CPF validarCpf pes_cpf authorization

September 25, 2025 Yanac

A vulnerability categorized as critical has been discovered in Sistemas Pleno Gestão de Locação up to 2025.7.x. The impacted element is an unknown function of the file /api/areacliente/pessoa/validarCpf of the component CPF Handler. Executing manipulation of the argument pes_cpf can lead to authorization bypass.

This vulnerability is handled as CVE-2025-10947. The attack can be executed remotely. Additionally, an exploit exists.

It is advisable to upgrade the affected component.VulDB Recent EntriesRead More