Insecure Direct Object References in NightWolf Customer Portal
CVE-2025-3013

8.3 HIGH

Key Information:

Vendor
CVE Published: 31 March 2025

What is CVE-2025-3013?

The NightWolf Customer Portal is susceptible to Insecure Direct Object References, allowing malicious users to bypass access control by manipulating request parameters or object references. This security flaw can expose sensitive information or functionalities to unauthorized users, highlighting the importance of implementing robust access control mechanisms. Users are advised to upgrade to version 2.1.4 or later to mitigate this risk.

Affected Version(s)

NightWolf Penetration Platform 2.1.2 <= 2.1.4

NightWolf Penetration Platform 2.1.5

References

CVSS V4

Score: 8.3
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Phan Quang Bao (quangbao368@gmail.com)