PT-2025-43998 · Unknown · Educare Erp
Published 2025-10-27 · Updated 2025-10-27 · CVE-2025-60982
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Educare ERP version 1.0
Description
An IDOR (Insecure Direct Object Reference) vulnerability exists that allows unauthorized access to sensitive data through manipulated object references. Affected API endpoints do not enforce proper authorization checks, enabling authenticated users to access or modify data belonging to other users by altering object identifiers in API requests. Attackers can exploit this flaw to view or modify sensitive records without appropriate authorization.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Improper Access Control
Weakness Enumeration
Related Identifiers
Affected Products
Educare Erp