CVE-2025-60982

CVSS 5.4 Medium
  • CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
  • Published: 2025-10-27 18:15:43 UTC (Unix time 1761588943)
  • Last modified: 2025-10-27 19:16:04 UTC (Unix time 1761592564)

IDOR vulnerability in Educare ERP 1.0 (2025-04-22) allows unauthorized access to sensitive data via manipulated object references. Affected endpoints do not enforce proper authorization checks, allowing authenticated users to access or modify data belonging to other users by changing object identifiers in API requests. Attackers can exploit this flaw to view or modify sensitive records without proper authorization.

🧠 Explainer: What this vulnerability means

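Summary: This is an insecure direct object reference (IDOR) in Educare ERP 1.0 (2025-04-22). Affected endpoints do not enforce authorization checks on the object identifiers supplied in API requests (CWE: unspecified).

Impact: An authenticated user can view or modify records belonging to other users. The CVSS vector rates the confidentiality and integrity impact as low and the availability impact as none.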

Mitigation: Upgrade immediately to the remediated release and follow vendor hardening guidance.

No explicit mitigation/advisory links found in references.