We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2025-2271

IDOR in Issuetrak NewAuditID parameter via Inv_PopTrakXShow.asp



Description

A vulnerability exists in Issuetrak v17.2.2 and prior that allows a low-privileged user to access audit results of other users by exploiting an Insecure Direct Object Reference (IDOR) vulnerability in the Issuetrak audit component. The vulnerability enables unauthorized access to sensitive information, including user details, network and hardware information, installed programs, running processes, drives, and printers. Due to improper access controls, an attacker can retrieve audit data belonging to other users, potentially leading to unauthorized data exposure, privacy violations, and security risks.

Reserved 2025-03-13 | Published 2025-03-13 | Updated 2025-03-13 | Assigner Gridware


HIGH: 7.7CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Problem types

CWE-639 Authorization Bypass Through User-Controlled Key

Product status

Default status
unknown

Issuetrak 17.2.2 and prior
affected

Credits

Francesco Varotto finder

References

helpcenter.issuetrak.com/home/2340-issuetrak-release-notes

cve.org (CVE-2025-2271)

nvd.nist.gov (CVE-2025-2271)

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2025-2271

Support options

Helpdesk Chat, Email, Knowledgebase
© Copyright 2025 THREATINT
Made in Cyprus with +
 System status
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
Error loading Crisp.chat. Please check your web content filter and browser plugins.