CVE-2025-41351

Vulnerability Description

Vulnerability that allows a Padding Oracle Attack to be performed on the Funambol v30.0.0.20 cloud server. The thumbnail display URL allows an attacker to decrypt and encrypt the parameters used by the application to generate ‘self-signed’ access URLs.

Vulnerability Details

Published Date

January 28, 2026

Last Modified

January 29, 2026

CWE ID

CWE-649

Source

NVD

Vendor

Funambol

Product

Cloud Server

External References

https://www.incibe.es/en/incibe-cert/notices/aviso/weak-encryption-funambols-cloud-server

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment