CVE-2025-40650: Insecure Direct Object Reference (IDOR) in Clickedu

8.7 CVSS

Description

Insecure Direct Object Reference (IDOR) vulnerability in Clickedu. This vulnerability could allow an attacker to retrieve information about student report cards.

Classification

CVE ID: CVE-2025-40650

CVSS Base Severity: HIGH

CVSS Base Score: 8.7

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Problem Types

CWE-639 Authorization Bypass Through User-Controlled Key

Affected Products

Vendor: Clickedu

Product: Clickedu

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 16.88% (scored less or equal to compared to others)

EPSS Date: 2025-06-08 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-40650
https://www.incibe.es/en/incibe-cert/notices/aviso/insecure-direct-object-reference-idor-clickedu

Timeline

2025-05-26 09:30:26 UTC
Incibe CERT

Referencia directa a objetos inseguros (IDOR) en Clickedu
2025-05-26 13:40:21 UTC
CVE

Insecure Direct Object Reference (IDOR) in Clickedu