CWE-639— Authorization Bypass Through User-Controlled Key (IDOR)
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.— MITRE CWE catalog
1,857 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-639page 24 of 38
- CVE-2025-59133HIGHCVSS 7.5EG 7.52026-06-15
Custom role Insecure Direct Object References (IDOR) in Projectopia <= 5.1.25.2 versions.
- CVE-2025-5947CRITICALCVSS 9.8EG 9.82025-08-01
The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via authentication bypass in all versions up to, and including, 6.0. This is due to the plugin not properly validating a user's cookie value prior to lo…
- CVE-2025-5948CRITICALCVSS 9.8EG 9.82025-09-19
The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 6.0. This is due to the plugin not properly validating a user's identity prior to claiming a …
- CVE-2025-5949HIGHCVSS 8.8EG 8.82025-11-01
The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 6.0. This is due to the plugin not properly validating a user's identity prior to processing …
- CVE-2025-59562MEDIUMCVSS 5.5EG 5.52025-09-22
Authorization Bypass Through User-Controlled Key vulnerability in Kodezen LLC Academy LMS academy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Academy LMS: from n/a through <= 3.3.4.
- CVE-2025-59687MEDIUMCVSS 4.3EG 4.32025-10-01
IMPAQTR Aurora before 1.36 allows Insecure Direct Object Reference attacks against the users list, organization details, bookmarks, and notifications of an arbitrary organization.
- CVE-2025-6038HIGHCVSS 8.8EG 8.82025-10-09
The Lisfinity Core - Lisfinity Core plugin used for pebas® Lisfinity WordPress theme plugin for WordPress is vulnerable to privilege escalation via password update in all versions up to, and including, 1.4.0. This is due to the plugin not…
- CVE-2025-60511MEDIUMCVSS 4.3EG 4.32025-10-21
Moodle OpenAI Chat Block plugin 3.0.1 (2025021700) suffers from an Insecure Direct Object Reference (IDOR) vulnerability due to insufficient validation of the blockId parameter in /blocks/openai_chat/api/completion.php. An authenticated st…
- CVE-2025-61075HIGHCVSS 8.1EG 8.12025-12-09
Multiple Incorrect Access Control vulnerabilities in adata Software GmbH Mitarbeiterportal 2.15.2.0 allow remote authenticated, low-privileged users to carry out administrative functions and manipulate data of other users via unauthorized …
- CVE-2025-61148MEDIUMCVSS 6.5EG 6.52025-12-04
An Insecure Direct Object Reference (IDOR) vulnerability in the EduplusCampus 3.0.1 Student Payment API allows authenticated users to access other students personal and financial records by modifying the 'rec_no' parameter in the /student/…
- CVE-2025-61779HIGHCVSS 8.7EG 8.72025-10-09
Confidential Containers's Trustee project contains tools and components for attesting confidential guests and providing secrets to them. In versions prior to 0.15.0, the attestation-policy endpoint didn't check if the kbs-client submitting…
- CVE-2025-61876MEDIUMCVSS 5.0EG 5.02025-10-29
Insecure Direct Object Reference (IDOR) in /tenants/{id} API endpoint in Inforcer Platform version 2.0.153 allows an authenticated user with low privileges to enumerate and access tenant information belonging to other clients via modificat…
- CVE-2025-61950MEDIUMCVSS 4.3EG 4.32025-12-12
In GroupSession, a Circular notice can be created with its memo field non-editable, but the authorization check is improperly implemented. With some crafted request, a logged-in user may alter the memo field. The affected products and vers…
- CVE-2025-62180HIGHCVSS 7.1EG 7.12026-06-23
Pega Platform versions 8.3.0 through Infinity 25.1.2 are affected by an authorization weakness that may allow authenticated users to access certain additional data via crafted URLs.
- CVE-2025-62241MEDIUMCVSS 4.3EG 4.32025-10-13
Insecure Direct Object Reference (IDOR) vulnerability with shipment addresses in Liferay DXP 2023.Q4.1 through 2023.Q4.5 allows remote authenticated users to from one virtual instance to view the shipment addresses of different virtual ins…
- CVE-2025-62242MEDIUMCVSS 4.3EG 4.32025-10-13
Insecure Direct Object Reference (IDOR) vulnerability with account addresses in Liferay Portal 7.4.3.4 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92 allows remote …
- CVE-2025-62244MEDIUMCVSS 4.3EG 4.32025-10-13
Insecure direct object reference (IDOR) vulnerability in Publications in Liferay Portal 7.3.1 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92, and 7.3 GA through upd…
- CVE-2025-62252MEDIUMCVSS 4.3EG 4.32025-10-13
Insecure Direct Object Reference (IDOR) vulnerability in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older…
- CVE-2025-63043MEDIUMCVSS 5.3EG 5.32025-12-18
Authorization Bypass Through User-Controlled Key vulnerability in PickPlugins Post Grid and Gutenberg Blocks post-grid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Grid and Gutenberg Block…
- CVE-2025-63053MEDIUMCVSS 5.3EG 5.32025-12-31
Authorization Bypass Through User-Controlled Key vulnerability in Liton Arefin Master Addons for Elementor master-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Master Addons for Elementor…
- CVE-2025-63065MEDIUMCVSS 5.3EG 5.42025-12-09
Authorization Bypass Through User-Controlled Key vulnerability in David Lingren Media LIbrary Assistant media-library-assistant allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Media LIbrary Assist…
- CVE-2025-63248HIGHCVSS 7.5EG 7.52025-11-05
DWSurvey 6.14.0 is vulnerable to Incorrect Access Control. When deleting a questionnaire, replacing the questionnaire ID with the ID of another questionnaire can enable the deletion of other questionnaires.
- CVE-2025-6329HIGHCVSS 8.1EG 5.42025-06-20
A vulnerability was found in ScriptAndTools Real Estate Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file userdelete.php of the component User Delete Handler. The manipulation of t…
- CVE-2025-63291MEDIUMCVSS 5.4EG 6.52025-11-14
When processing API requests, the Alteryx server 2022.1.1.42654 and 2024.1 used MongoDB object IDs to uniquely identify the data being requested by the caller. The Alteryx server did not check whether the authenticated user had permission …
- CVE-2025-63513MEDIUMCVSS 6.5EG 6.52025-11-18
kishan0725 Hospital Management System v4 has an Insecure Direct Object Reference (IDOR) vulnerability in the appointment cancellation functionality.
- CVE-2025-64011MEDIUMCVSS 4.3EG 4.32025-12-12
Nextcloud Server 30.0.0 is vulnerable to an Insecure Direct Object Reference (IDOR) in the /core/preview endpoint. Any authenticated user can access previews of arbitrary files belonging to other users by manipulating the fileId parameter.…
- CVE-2025-64012MEDIUMCVSS 4.3EG 5.32025-12-16
InvoicePlane commit debb446c is vulnerable to Incorrect Access Control. The invoices/view handler fails to verify ownership before returning invoice data.
- CVE-2025-64067MEDIUMCVSS 5.3EG 5.32025-11-25
Primakon Pi Portal 1.0.18 API endpoints responsible for retrieving object-specific or filtered data (e.g., user profiles, project records) fail to implement sufficient server-side validation to confirm that the requesting user is authorize…
- CVE-2025-64105MEDIUMCVSS 5.1EG 5.12026-06-23
FOSSBilling is a billing and client management system that automates invoicing, payments, and communication for online service businesses. Versions 0.6.21 through 0.7.2 are vulnerable to IDOR through the support ticket creation workflow. B…
- CVE-2025-64282MEDIUMCVSS 4.3EG 4.32025-12-18
Authorization Bypass Through User-Controlled Key vulnerability in RadiusTheme Radius Blocks radius-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Radius Blocks: from n/a through <= 2.2.1.
- CVE-2025-64283MEDIUMCVSS 6.5EG 6.52025-10-29
Authorization Bypass Through User-Controlled Key vulnerability in Rometheme RTMKit rometheme-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RTMKit: from n/a through <= 1.6.7.
- CVE-2025-64431HIGHCVSS 8.7EG 8.72025-11-07
Zitadel is an open source identity management platform. Versions 4.0.0-rc.1 through 4.6.2 are vulnerable to secure Direct Object Reference (IDOR) attacks through its V2Beta API, allowing authenticated users with specific administrator role…
- CVE-2025-64497MEDIUMCVSS 6.5EG 6.52025-12-08
Tuleap is an Open Source Suite for management of software development and collaboration. Versions below 17.0.99.1762431347 of Tuleap Community Edition and Tuleap Enterprise Edition below 17.0-2, 16.13-7 and 16.12-10 allow attackers to acc…
- CVE-2025-64516HIGHCVSS 7.5EG 7.52026-01-15
GLPI is a free asset and IT management software package. Prior to 10.0.21 and 11.0.3, an unauthorized user can access GLPI documents attached to any item (ticket, asset, ...). If the public FAQ is enabled, this unauthorized access can be p…
- CVE-2025-64523HIGHCVSS 8.8EG 8.82025-11-12
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Versions prior to 2.45.1 have an Insecure Direct Object Reference (IDOR) vulnerability in th…
- CVE-2025-64706HIGHCVSS 7.5EG 5.02025-11-13
Typebot is an open-source chatbot builder. In version 3.9.0 up to but excluding version 3.13.0, an Insecure Direct Object Reference (IDOR) vulnerability exists in the API token management endpoint. An authenticated attacker can delete any …
- CVE-2025-65020MEDIUMCVSS 6.5EG 6.52025-11-19
Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an Insecure Direct Object Reference (IDOR) vulnerability in the poll duplication endpoint (/api/trpc/polls.duplicate) allows any authenticated user to dupl…
- CVE-2025-65021CRITICALCVSS 9.1EG 9.12025-11-19
Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an Insecure Direct Object Reference (IDOR) vulnerability exists in the poll finalization feature of the application. Any authenticated user can finalize a …
- CVE-2025-65028MEDIUMCVSS 6.5EG 6.52025-11-19
Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an insecure direct object reference (IDOR) vulnerability allows any authenticated user to modify other participants’ votes in polls without authorization…
- CVE-2025-65029HIGHCVSS 8.1EG 8.12025-11-19
Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an insecure direct object reference (IDOR) vulnerability allows any authenticated user to delete arbitrary participants from polls without ownership verifi…
- CVE-2025-65030HIGHCVSS 7.1EG 7.12025-11-19
Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an authorization flaw in the comment deletion API allows any authenticated user to delete comments belonging to other users, including poll owners and admi…
- CVE-2025-65031MEDIUMCVSS 6.5EG 6.52025-11-19
Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an improper authorization flaw in the comment creation endpoint allows authenticated users to impersonate any other user by altering the authorName field i…
- CVE-2025-65032MEDIUMCVSS 6.5EG 6.52025-11-19
Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an Insecure Direct Object Reference (IDOR) vulnerability allows any authenticated user to change the display names of other participants in polls without b…
- CVE-2025-65033HIGHCVSS 8.1EG 8.12025-11-19
Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an authorization flaw in the poll management feature allows any authenticated user to pause or resume any poll, regardless of ownership. The system only us…
- CVE-2025-65034HIGHCVSS 8.1EG 8.12025-11-19
Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an improper authorization vulnerability allows any authenticated user to reopen finalized polls belonging to other users by manipulating the pollId paramet…
- CVE-2025-65096MEDIUMCVSS 4.3EG 4.32025-12-03
RomM (ROM Manager) allows users to scan, enrich, browse and play their game collections with a clean and responsive interface. Prior to 4.4.1 and 4.4.1-beta.2, users can read private collections / smart collections belonging to other users…
- CVE-2025-65097MEDIUMCVSS 6.5EG 6.52025-12-03
RomM (ROM Manager) allows users to scan, enrich, browse and play their game collections with a clean and responsive interface. Prior to 4.4.1 and 4.4.1-beta.2, an Authenticated User can delete collections belonging to other users by direct…
- CVE-2025-65098HIGHCVSS 7.4EG 7.42026-01-22
Typebot is an open-source chatbot builder. In versions prior to 3.13.2, client-side script execution in Typebot allows stealing all stored credentials from any user. When a victim previews a malicious typebot by clicking "Run", JavaScript …
- CVE-2025-6534MEDIUMCVSS 6.8EG 4.22025-06-24
A vulnerability, which was classified as problematic, was found in xxyopen/201206030 novel-plus up to 5.1.3. This affects the function remove of the file novel-admin/src/main/java/com/java2nb/common/controller/FileController.java of the co…
- CVE-2025-65647MEDIUMCVSS 4.3EG 4.32025-11-25
Insecure Direct Object Reference (IDOR) in the Track order function in PHPGURUKUL Online Shopping Portal 2.1 allows information disclosure via the oid parameter.
Map vulnerabilities like CWE-639 to your infrastructure
EchelonGraph correlates every CVE — across CWE-639 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →