CVE-2025-65681
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-11-26
Last updated on: 2025-12-30
Assigner: MITRE
Description
Description
An issue was discovered in Overhang.IO (tutor-open-edx) (overhangio/tutor) 20.0.2 allowing local unauthorized attackers to gain access to sensitive information due to the absence of proper cache-control HTTP headers and client-side session checks.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| edly | tutor | 20.0.2 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-524 | The code uses a cache that contains sensitive information, but the cache can be read by an actor outside of the intended control sphere. |
| CWE-384 | Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Overhang.IO (tutor-open-edx) version 20.0.2 allows local unauthorized attackers to access sensitive information because the application lacks proper cache-control HTTP headers and client-side session checks.
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized local attackers gaining access to sensitive information, potentially compromising user data and privacy.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70