1. Home
  2. CVE Database
  3. CVE-2025-60982
MEDIUM · 5.4

CVE-2025-60982

IDOR vulnerability in Educare ERP 1.0 (2025-04-22) allows unauthorized access to sensitive data via manipulated object references. Affected endpoints do not enforce proper authorization checks, allowi...

Vulnerability Description

IDOR vulnerability in Educare ERP 1.0 (2025-04-22) allows unauthorized access to sensitive data via manipulated object references. Affected endpoints do not enforce proper authorization checks, allowing authenticated users to access or modify data belonging to other users by changing object identifiers in API requests. Attackers can exploit this flaw to view or modify sensitive records without proper authorization.

CVSS Score

5.4

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
LOW
Availability
NONE

Related Weaknesses (CWE)

CWE-284

References

FAQ

What is CVE-2025-60982?

CVE-2025-60982 is a vulnerability with a CVSS score of 5.4 (MEDIUM). IDOR vulnerability in Educare ERP 1.0 (2025-04-22) allows unauthorized access to sensitive data via manipulated object references. Affected endpoints do not enforce proper authorization checks, allowi...

How severe is CVE-2025-60982?

CVE-2025-60982 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-60982?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.