cvedb.io
CVE-2025-40669
MEDIUM · CVSS 6.5
EPSS exploitation probability: 0%
Published 2025-06-09T13:15:22.803 · Last modified 2026-06-17T09:21:55.703

Summary

Incorrect authorization vulnerability in TCMAN's GIM v11. This vulnerability allows an unprivileged attacker to modify the permissions held by each of the application's users, including the user himself by sending a POST request to /PC/Options.aspx?Command=2&Page=-1.

Affected products

tcman — gim

Does this affect you?

Add your gear to cvedb and we'll alert you only when tcman ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.