CVE-2025-2271 | THREATINT

Description

A vulnerability exists in Issuetrak v17.2.2 and prior that allows a low-privileged user to access audit results of other users by exploiting an Insecure Direct Object Reference (IDOR) vulnerability in the Issuetrak audit component. The vulnerability enables unauthorized access to sensitive information, including user details, network and hardware information, installed programs, running processes, drives, and printers. Due to improper access controls, an attacker can retrieve audit data belonging to other users, potentially leading to unauthorized data exposure, privacy violations, and security risks.

PUBLISHED Reserved 2025-03-13 | Published 2025-03-13 | Updated 2025-03-13 | Assigner Gridware

HIGH: 7.7CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Problem types

CWE-639 Authorization Bypass Through User-Controlled Key

Product status

Default status

unknown

Issuetrak 17.2.2 and prior

affected

Credits

Francesco Varotto finder

References

helpcenter.issuetrak.com/home/2340-issuetrak-release-notes

cve.org (CVE-2025-2271)

nvd.nist.gov (CVE-2025-2271)

Download JSON