PT-2025-9208 · Unknown · Pbrong Hrms

A7Cc · Published 2025-03-02 · Updated 2025-03-07 · CVE-2025-1815

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

pbrong hrms versions 1.0.0 through 1.0.1

Description

A critical vulnerability was found in pbrong hrms, affecting the function HrmsDB of the file resourceresource.go. The manipulation of the argument user cookie leads to improper authorization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Recommendations

For versions 1.0.0 through 1.0.1, consider disabling the HrmsDB function or restricting access to the resourceresource.go file until a patch is available. As a temporary workaround, avoid using the user cookie argument in the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Authorization

Incorrect Privilege Assignment

Weakness Enumeration

Related Identifiers

CVE-2025-1815

Affected Products

Pbrong Hrms