CVE-2025-60982

Published: Oct 27, 2025Modified: Oct 30, 2025

5.4

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.5

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

IDOR vulnerability in Educare ERP 1.0 (2025-04-22) allows unauthorized access to sensitive data via manipulated object references. Affected endpoints do not enforce proper authorization checks, allowing authenticated users to access or modify data belonging to other users by changing object identifiers in API requests. Attackers can exploit this flaw to view or modify sensitive records without proper authorization.

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (3)

https://github.com/handyteddy/Security-Advisories/blob/main/Educare-IDOR.md

Source: cve@mitre.org

https://www.educare.school/

Source: cve@mitre.org

https://github.com/handyteddy/Security-Advisories/blob/main/Educare-IDOR.md

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Timeline

No history available yet.