CVE-2025-63294

Unknown Unknown - Not Provided

BaseFortify

Publication date: 2025-11-04

Last updated on: 2026-02-04

Assigner: MITRE

Description

WorkDo HRM SaaS HR and Payroll Tool 8.1 is affected vulnerable to Insecure Permissions. An authenticated user can create leave or resignation records on behalf of other users.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2025-11-04

Last Modified

2026-02-04

Generated

2026-06-16

AI Q&A

2025-11-04

EPSS Evaluated

2026-06-14

NVD

CVE-2025-63294

EUVD

EUVD-2025-37760

Affected Vendors & Products

Vendor	Product	Version / Range
workdo	hrm	8.1
workdo	hrm_saas	8.1

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-862	The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Attack-Flow Graph

Executive Summary

This vulnerability in WorkDo HRM SaaS HR and Payroll Tool 8.1 allows an authenticated user to create leave or resignation records on behalf of other users due to insecure permissions.

Impact Analysis

The vulnerability can impact you by allowing unauthorized modification of leave or resignation records, potentially leading to incorrect HR data and misuse of employee records.

Hi! I’m here to help you understand CVE-2025-63294. Ask me anything about the vulnerability, its impact, or mitigation strategies.

0/70

CVE-2025-63294

BaseFortify

Description

CVSS Scores

EPSS Scores

Meta Information

Affected Vendors & Products

Helpful Resources

Exploitability

Attack-Flow Graph

AI Quick Actions

Chat Assistant

EPSS Chart