CVE-2025-61876

Published: Oct 29, 2025Modified: Oct 30, 2025

5.0

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Exploitability: 3.1 / Impact: 1.4

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Insecure Direct Object Reference (IDOR) in /tenants/{id} API endpoint in Inforcer Platform version 2.0.153 allows an authenticated user with low privileges to enumerate and access tenant information belonging to other clients via modification of the tenant ID in the request URL.

Related CWEs

CWE-639

Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

References (3)

https://silvatech.uk/cve-2025-61876-inforcer-platform/

Source: cve@mitre.org

https://www.inforcer.com/platform

Source: cve@mitre.org

https://silvatech.uk/cve-2025-61876-inforcer-platform/

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Timeline

No history available yet.