Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-32367

The Oz Forensics face recognition application before 4.0.8 late 2023 allows PII retrieval via /statistic/list Insecure Direct Object Reference. NOTE: the number 4.0.8 was used for both the unpatched and patched versions.

Published

2025-04-11T17:15:45.113

Last Modified

2025-04-15T18:39:43.697

Status

Awaiting Analysis

Source

[email protected]

Severity

CVSSv3.1: 8.6 (HIGH)

Weaknesses

Type: Secondary
CWE-425

Affected Vendors & Products

References

https://medium.com/@antonsimonyan7/idor-in-oz-forensics-face-recognition-application-cve-2025-32367-53684ee312ea ([email protected])
https://ozforensics.com/ ([email protected])
https://medium.com/@antonsimonyan7/idor-in-oz-forensics-face-recognition-application-cve-2025-32367-53684ee312ea (134c704f-9b21-4f2e-91b3-4a467353bcc0)