CVE-2025-3014 HIGH

CVE-2025-3014: Insecure direct object references (IDOR) in NightWolf Penetration Platform

Vendor Fpt Software
Product NightWolf Penetration Platform
Weakness CWE-285
Published March 31, 2025
Last update March 31, 2025
View on NVD All CVEs

CVSS base score

8.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N

What the vulnerability does

01Description

Insecure Direct Object References (IDOR) in access control in Tracking 2.1.4 on NightWolf Penetration Testing allows an attacker to access via manipulating request parameters or object references.

Key dates

02Disclosure timeline

March 31, 2025 CVE published
March 31, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-12958 Rankology SEO and Analytics Tool <= 2.0 - Incorrect Authorization to Authenticated (Editor+) Header & Footer Code Creation CVE-2026-7631 code-projects Online Hospital Management System Registration improper authorization CVE-2025-64523 FileBrowser has Insecure Direct Object Reference (IDOR) in Share Deletion Function CVE-2026-2015 Portabilis i-Educar Final Status Import FinalStatusImportService.php improper authorization CVE-2025-13117 macrozheng mall-swarm/mall cancelOrder improper authorization