CVE-2025-13768

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions WebITR versions (affected versions not specified)

Description WebITR developed by Uniong has an authentication bypass issue. Authenticated remote attackers can log in as any user by modifying a specific parameter. To exploit this, attackers must first obtain a user ID. The vulnerable parameter is not specified. The API endpoint is not specified. The function responsible for authentication is not specified.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

IDOR

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-639

Related Identifiers

CVE-2025-13768

Affected Products

Webitr

CVE-2025-13768

Weakness Enumeration

Related Identifiers

Affected Products

References · 12