CVE-2025-61876

low-risk

Published 2025-10-29

Insecure Direct Object Reference (IDOR) in /tenants/{id} API endpoint in Inforcer Platform version 2.0.153 allows an authenticated user with low privileges to enumerate and access tenant information belonging to other clients via modification of the tenant ID in the request URL.

Do I need to act?

0.03% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.0/10 Medium

NETWORK / LOW complexity

References (3)

https://silvatech.uk/cve-2025-61876-inforcer-platform/

https://www.inforcer.com/platform

https://silvatech.uk/cve-2025-61876-inforcer-platform/

/ 100

low-risk

Severity 20/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal