CVE-2025-55342

Published: Nov 5, 2025Modified: Jan 14, 2026

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Quipux 4.0.1 through e1774ac allows enumeration of usernames, and accessing the Ecuadorean identification number for all registered users via the Administracion/usuarios/cambiar_password_olvido_validar.php txt_login parameter.

Affected (1)

Products: Quipux: Quipux

Quipux

1 product

Quipux

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Quipux Quipux	Version 4.0.1

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (2)

https://minka.gob.ec/quipux-comunitario/quipux-comunitario

Source: cve@mitre.org

Permissions Required

https://seguridaddigital.ec/research/20251101/report-20251101.en.pdf

Source: cve@mitre.org

Third Party Advisory

Timeline

No history available yet.