Insecure Direct Object References in Tracking on NightWolf Penetration Testing
CVE-2025-3014
8.3 HIGH
What is CVE-2025-3014?
The Insecure Direct Object References vulnerability in Tracking 2.1.4 from NightWolf Penetration Testing enables malicious users to bypass access controls. By simply manipulating request parameters or object references, attackers can gain unauthorized access to sensitive information or functionalities intended for other users. This security flaw highlights the importance of implementing robust access control mechanisms and rigorous input validation to safeguard user data and ensure system integrity.
Affected Version(s)
NightWolf Penetration Platform 2.1.4
NightWolf Penetration Platform 2.1.5
References
CVSS V4
Score: 8.3
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Hoang Anh Khoa (khoahoang329@gmail.com)
Quyen Hong Son (sonqh.kma@gmail.com)
