Medium severity5.0NVD Advisory· Published Oct 29, 2025· Updated Apr 15, 2026

CVE-2025-61876

Description

Insecure Direct Object Reference (IDOR) in /tenants/{id} API endpoint in Inforcer Platform version 2.0.153 allows an authenticated user with low privileges to enumerate and access tenant information belonging to other clients via modification of the tenant ID in the request URL.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

silvatech.uk/cve-2025-61876-inforcer-platform/nvd
www.inforcer.com/platformnvd

News mentions

No linked articles in our index yet.

cvss	0.325
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000