CVE-2025-12461

Unprotected access to parts of the application in Epsilon RH by Grupo Castilla

Description

This vulnerability allows an attacker to access parts of the application that are not protected by any type of access control. The attacker could access this path ‘…/epsilonnet/License/About.aspx’ and obtain information on both the licence and the configuration of the product by knowing which modules are installed.

INFO

Published Date :

2025-10-29T10:51:36.915Z

Last Modified :

2025-10-29T13:33:58.079Z

Source :

INCIBE

AFFECTED PRODUCTS

The following products are affected by CVE-2025-12461 vulnerability.

Vendors	Products
Grupo Castilla	Epsilon Rh

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-12461.

URL	Resource
https://www.incibe.es/en/incibe-cert/notices/aviso/unprotected-access-parts-application-epsilon-rh-grupo-castilla

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability