CVE-2025-69727

| EUVD-2025-208763 MEDIUM
2026-03-16 mitre
5.3
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

3
Analysis Generated
Mar 16, 2026 - 18:38 vuln.today
EUVD ID Assigned
Mar 16, 2026 - 18:38 euvd
EUVD-2025-208763
CVE Published
Mar 16, 2026 - 00:00 nvd
MEDIUM 5.3

Tags

Authentication Bypass

Description

An Incorrect Access Control vulnerability exists in INDEX-EDUCATION PRONOTE prior to 2025.2.8. The affected components (index.js and composeUrlImgPhotoIndividu) allow the construction of direct URLs to user profile images based solely on predictable identifiers such as user IDs and names. Due to missing authorization checks and lack of rate-limiting when generating or accessing these URLs, an unauthenticated or unauthorized actor may retrieve profile pictures of users by crafting requests with guessed or known identifiers.

Analysis

A security vulnerability in INDEX-EDUCATION PRONOTE (CVSS 5.3) that allows the construction of direct urls. Remediation should follow standard vulnerability management procedures.

Technical Context

CWE-284 (Improper Access Control). Affects INDEX-EDUCATION PRONOTE.

Affected Products

['INDEX-EDUCATION PRONOTE']

Remediation

Monitor vendor channels for patch availability.

Priority Score

27
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +26
POC: 0

Share

CVE-2025-69727 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy