CVE-2025-3013

Summary

Insecure Direct Object References (IDOR) in access control in Customer Portal before 2.1.4 on NightWolf Penetration Testing allows an attacker to access via manipulating request parameters or object references.

Affected Software

VendorProductVersion RangeStatus
FPT SoftwareNightWolf Penetration Platform2.1.2 <= 2.1.4affected
FPT SoftwareNightWolf Penetration Platform2.1.5unaffected

Weaknesses

  • CWE-285: CWE-285: Improper Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References