
CVE-2025-3014: Insecure direct object references (IDOR) in NightWolf Penetration Platform

8.3 CVSS

Description

Insecure Direct Object References (IDOR) in access control in Tracking 2.1.4 on NightWolf Penetration Testing allows an attacker to gain access by manipulating request parameters or object references.

Classification

CVE ID: CVE-2025-3014

CVSS Base Severity: HIGH

CVSS Base Score: 8.3

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N

Problem Types

CWE-285: Improper Authorization

Affected Products

Vendor: FPT Software

Product: NightWolf Penetration Platform

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 12.7% (share of scored vulnerabilities with an equal or lower EPSS score)

EPSS Date: 2025-04-29 (date this score was calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-3014
https://bug.report.night-wolf.io/changelogs

Timeline