Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4DescriptionCVE.org
Insecure Direct Object Reference (IDOR) vulnerability in Campus Educativa specifically at the endpoint '/archivos/usuarios/[ID]/[username]/thumb_AAxAA.jpg' (translated as 80x90 and 40x45). Successful exploitation of this vulnerability could allow an unauthenticated attacker to access the profile photos of all users via a manipulated URL, enabling them to collect user photos en masse. This could lead to these photos being used maliciously to impersonate identities, perform social engineering, link identities across platforms using facial recognition, or even carry out doxxing.
AnalysisAI
An Insecure Direct Object Reference (IDOR) vulnerability exists in Campus Educativa at the endpoint '/archivos/usuarios/[ID]/[username]/thumb_AAxAA.jpg' that allows unauthenticated attackers to enumerate and download profile photographs of all users by manipulating URL parameters. Successful exploitation enables mass collection of user photos for identity impersonation, social engineering, facial recognition-based identity linking across platforms, and doxxing attacks. With a CVSS score of 6.9 and no authentication required, this vulnerability poses a moderate-to-significant risk to user privacy and security.
Technical ContextAI
The vulnerability stems from inadequate access controls on file retrieval endpoints, classified under CWE-284 (Improper Access Control), where the application fails to properly validate that a requesting user has authorization to access profile image resources belonging to other users. Campus Educativa implements a file serving mechanism at '/archivos/usuarios/[ID]/[username]/thumb_AAxAA.jpg' that accepts user identifiers and usernames as path parameters to retrieve thumbnail images in two sizes (80x90 and 40x45 pixels). The application does not enforce proper authorization checks before serving these resources, allowing any unauthenticated user to request arbitrary combinations of [ID] and [username] values and receive the corresponding profile photo without authentication or session validation. This is a classic IDOR flaw where object references (user profile photos) are directly accessible via sequential or enumerable identifiers without server-side verification of user permissions.
RemediationAI
Immediately upgrade Campus Educativa to the patched version released by the vendor to address this IDOR vulnerability; contact Campus Educativa support or check the vendor's security advisory for the specific patched version and deployment instructions. As an interim mitigation while patches are being prepared or deployed, implement server-side access controls that verify the requesting user is authorized to access each profile photo before serving it, enforce mandatory authentication (remove the PR:N condition) for all '/archivos/usuarios/*' endpoints, and implement rate-limiting and IP-based access controls to prevent mass enumeration attacks. Additionally, place a reverse proxy or Web Application Firewall (WAF) in front of Campus Educativa configured to log all requests to '/archivos/usuarios/' endpoints and alert on suspicious enumeration patterns (e.g., rapid sequential ID requests or requests from non-campus IP ranges). Enable HTTPS with HSTS to prevent interception, and consider temporarily restricting network access to the application to trusted institutional networks until patching is complete.
Same weakness CWE-284 – Improper Access Control
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-12379