Medium severityNVD Advisory· Published Oct 7, 2025· Updated Apr 15, 2026
CVE-2025-40676
CVE-2025-40676
Description
Insecure Direct Object Reference (IDOR) in Negotiator v3.15.2 from Biobanking and Biomolecular Resources - European Research Infrastructure (BBMRI-ERIC). This vulnerability allows an attacker to access or modify unauthorised resources by manipulating requests that use the 'userID' parameter in '/api/v3/users/', which may result in the exposure or alteration of sensitive data
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: = 3.15.2
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.