CVE-2025-61876

CVSS v3.1

5.0

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Inforcer Platform version 2.0.153

Description An Insecure Direct Object Reference (IDOR) exists in the /tenants/{id} API endpoint. An authenticated user with low privileges can access tenant information belonging to other clients by modifying the tenant ID (id) in the request URL. This allows enumeration of data not intended for the user.

Recommendations Apply appropriate access controls to the /tenants/{id} API endpoint to ensure users can only access their own tenant information.

Exploit

Fix

IDOR

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-639

Related Identifiers

CVE-2025-61876

Affected Products

Inforcer Platform

CVE-2025-61876

Weakness Enumeration

Related Identifiers

Affected Products

References · 5