exploitDog

CVE-2025-63294

Опубликовано: 04 нояб. 2025

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

WorkDo HRM SaaS HR and Payroll Tool 8.1 is affected vulnerable to Insecure Permissions. An authenticated user can create leave or resignation records on behalf of other users.

Ссылки

https://codecanyon.net/item/hrm-saas-hr-and-payroll-tool/25982934
Product
https://medium.com/@barrattjack89/cve-2025-63294-insecure-permissions-in-workdo-hrm-saas-hr-and-payroll-8-1-d6bb03c21177
Exploit
Third Party Advisory
https://workdo.io/hrm-saas-human-resource-management-software/
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:workdo:hrm_saas:8.1:*:*:*:*:*:*:*

EPSS

Процентиль: 9%

0.00031

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-862

Связанные уязвимости

GHSA-667f-v95m-q2xp

CVSS3: 6.5

github

3 месяца назад

WorkDo HRM SaaS HR and Payroll Tool 8.1 is affected vulnerable to Insecure Permissions. An authenticated user can create leave or resignation records on behalf of other users.

EPSS

Процентиль: 9%

0.00031

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-862