CVE-2025-11843

Therefore™ Online and Therefore™ On-Premises contains an account impersonation issue, which could potentially allow the attacker to access all the stored data

Description

Therefore Corporation GmbH has recently become aware that Therefore™ Online and Therefore™ On-Premises contain an account impersonation vulnerability. A malicious user may potentially be able to impersonate the web service account or the account of a service using the API when connecting to the Therefore™ Server. If the malicious user gains this impersonation user access, then it is possible for them to access the documents stored in Therefore™. This impersonation is at application level (Therefore access level), not the operating system level.

INFO

Published Date :

2025-10-31T09:43:08.597Z

Last Modified :

2025-10-31T18:52:36.823Z

Source :

Canon_EMEA

AFFECTED PRODUCTS

The following products are affected by CVE-2025-11843 vulnerability.

Vendors	Products
Therefore Corporation	Therefore

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-11843.

URL	Resource
https://www.canon-europe.com/psirt/advisory-information/

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability