CVE-2025-56392

Published: Sep 30, 2025Modified: Oct 15, 2025

8.1

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Exploitability: 2.8 / Impact: 5.2

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

An Insecure Direct Object Reference (IDOR) in the /dashboard/notes endpoint of Syaqui Collegetivity v1.0.0 allows attackers to impersonate other users and perform arbitrary operations via a crafted POST request.

Affected (1)

Products: Syauqi: Collegetivity

Syauqi

1 product

Collegetivity

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Syauqi Collegetivity	Version 1.0.0

Related CWEs

CWE-639

Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

References (3)

https://github.com/Zelilac/vulnerability-research/tree/main/CVE-2025-56392

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/syauqi/collegetivity

Source: cve@mitre.org

Product

https://github.com/Zelilac/vulnerability-research/tree/main/CVE-2025-56392

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

ExploitThird Party Advisory

Timeline

No history available yet.