Home

Description

Insecure Direct Object Reference (IDOR) vulnerability in Clickedu. This vulnerability could allow an attacker to retrieve information about student report cards.

PUBLISHED Reserved 2025-04-16 | Published 2025-05-26 | Updated 2025-05-27 | Assigner INCIBE




HIGH: 8.7CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-639 Authorization Bypass Through User-Controlled Key

Product status

Default status
unaffected

all versions
affected

Credits

Kevin Gonzalvo Vicente finder

References

www.incibe.es/...ecure-direct-object-reference-idor-clickedu

cve.org (CVE-2025-40650)

nvd.nist.gov (CVE-2025-40650)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.