CVE-2025-3013: Insecure direct object references (IDOR) in NightWolf Penetration Platform

8.3 CVSS

Description

Insecure Direct Object References (IDOR) in access control in Customer Portal before 2.1.4 on NightWolf Penetration Testing allows an attacker to access via manipulating request parameters or object references.

Classification

CVE ID: CVE-2025-3013

CVSS Base Severity: HIGH

CVSS Base Score: 8.3

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N

Problem Types

CWE-285: Improper Authorization

Affected Products

Vendor: FPT Software

Product: NightWolf Penetration Platform

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 12.7% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-04-29 (date this score was calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-3013
https://bug.report.night-wolf.io/changelogs

Timeline