CVE-2025-45968
BaseFortify
Publication date: 2025-08-25
Last updated on: 2025-10-21
Assigner: MITRE
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| system_pdv_project | system_pdv | 1.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-639 | The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an Insecure Direct Object Reference (IDOR) in System PDV v1.0, where a remote attacker can use the 'hash' parameter in a URL to access other users' data or internal resources without proper authorization checks. This happens because the application does not properly verify permissions when accessing objects referenced by this parameter, allowing unauthorized access to sensitive information.
How can this vulnerability impact me?
Exploitation of this vulnerability can lead to unauthorized disclosure of sensitive information, potentially compromising confidentiality, integrity, and availability of data. An attacker could access other users' private data or internal resources, which may result in data breaches and significant security risks.