PT-2025-38757 · Ard · Ard

Published: 2025-09-22 · Updated: 2025-09-22 · CVE-2025-55886

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

ARD (affected versions not specified)

Description

An Insecure Direct Object Reference (IDOR) vulnerability exists in ARD. The flaw is located in the fe uid parameter of the payment history API endpoint. An authenticated attacker can manipulate this parameter to access the payment history of other users without authorization. The affected API endpoint is /payment history.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Protection Mechanism Failure

Weakness Enumeration

Related Identifiers

CVE-2025-55886

Affected Products

Ard