CVE-2025-40650 HIGH

CVE-2025-40650: Insecure Direct Object Reference (IDOR) in Clickedu

Vendor Clickedu
Product Clickedu
Weakness CWE-639 · IDOR
Published May 26, 2025
Last update May 27, 2025

CVSS base score

8.7/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Insecure Direct Object Reference (IDOR) vulnerability in Clickedu. This vulnerability could allow an attacker to retrieve information about student report cards.

Key dates

02Disclosure timeline

May 26, 2025 CVE published
May 27, 2025 Record updated