CVE Catalog

CVE-2025-69752

MediumCVSS 4.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.17%

6th percentile - higher than 6% of all known CVEs

Summary

An issue in the 'My Details' user profile functionality of Ideagen Q-Pulse 7.1.0.32 allows an authenticated user to view other users' profile information by modifying the objectKey HTTP parameter in the My Details page URL.

Risk Assessment

The risk involves unauthorized access to sensitive personal data of other users, potentially leading to privacy breaches and legal consequences.

Recommendation

Immediately update Ideagen Q-Pulse to the latest version that fixes this vulnerability and implement access authorization mechanisms for profile data.

Original NVD description (English source)

An issue in the "My Details" user profile functionality of Ideagen Q-Pulse 7.1.0.32 allows an authenticated user to view other users' profile information by modifying the objectKey HTTP parameter in the My Details page URL.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS