Insecure Direct Object Reference (IDOR) in Clickedu

Posted date 26/05/2025
Identifier
INCIBE-2025-0266
Importance
4 - High
Affected Resources

Clickedu.

Description

INCIBE has coordinated the publication of a high-severity vulnerability affecting Clickedu by Sanoma, an educational centre management platform. The vulnerability was discovered by Kevin Gonzalvo Vicente.

The vulnerability has been assigned the following CVE identifier, CVSS v4.0 base score, CVSS vector and CWE vulnerability type:

  • CVE-2025-40650: CVSS v4.0: 8.7 | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N | CWE-639

Solution

The vulnerability was fixed by the Sanoma team in April 2025. The advisory lists no affected or fixed version numbers.

Detail

CVE-2025-40650: Insecure Direct Object Reference (IDOR) vulnerability in Clickedu (CWE-639, authorization bypass through a user-controlled key). An attacker could exploit it to retrieve information about student report cards. Consistent with the CVSS vector (PR:N, VC:H, VI:N, VA:N), the issue is exploitable without prior authentication and affects confidentiality only; integrity and availability are not impacted.
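The following is an added illustration of the weakness class named above (CWE-639), written for this page; it is not Clickedu's or Sanoma's code and says nothing about how Clickedu is implemented. The data model (report cards keyed by a numeric ID), the roles "student" and "guardian", and all function names are assumptions made for the example. It places a lookup that selects a record purely by a client-supplied key beside a hardened version that ties the record to the caller's identity, and shows how many records each one leaks to an unauthenticated caller who simply walks the ID space.

```python
"""CWE-639 illustration: record selected by a user-controlled key, with and
without a server-side ownership check. Constructed example, not Clickedu code."""
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, Iterable, Optional


class NotFound(Exception):
    """Raised for both missing and inaccessible records, so a caller cannot
    distinguish 'does not exist' from 'exists but is not yours'."""


@dataclass(frozen=True)
class User:
    user_id: int
    role: str                              # assumed roles: "student", "guardian"
    wards: FrozenSet[int] = frozenset()    # student IDs a guardian may view


@dataclass(frozen=True)
class ReportCard:
    card_id: int
    student_id: int
    grades: Dict[str, int]


# Constructed sample data: two students, one report card each.
REPORT_CARDS: Dict[int, ReportCard] = {
    1001: ReportCard(1001, student_id=1, grades={"maths": 8, "history": 7}),
    1002: ReportCard(1002, student_id=2, grades={"maths": 6, "history": 9}),
}


def get_report_card_vulnerable(user: Optional[User], card_id: int) -> ReportCard:
    """Vulnerable lookup: the caller's identity is never consulted, so any
    card_id that exists is returned, including to an unauthenticated caller."""
    card = REPORT_CARDS.get(card_id)
    if card is None:
        raise NotFound(card_id)
    return card


def can_view(user: User, card: ReportCard) -> bool:
    """Ownership check evaluated on the server from the caller's session,
    never from anything the client sends alongside the ID."""
    if user.role == "student":
        return card.student_id == user.user_id
    if user.role == "guardian":
        return card.student_id in user.wards
    return False   # any other role is denied by default


def get_report_card_hardened(user: Optional[User], card_id: int) -> ReportCard:
    """Hardened lookup: require an authenticated caller, then bind the record
    to that caller; a card that exists but is not theirs looks like a 404."""
    if user is None:
        raise NotFound(card_id)
    card = REPORT_CARDS.get(card_id)
    if card is None or not can_view(user, card):
        raise NotFound(card_id)
    return card


def denied(fetch: Callable[[Optional[User], int], ReportCard],
           user: Optional[User], card_id: int) -> bool:
    """True if the endpoint refuses (or hides) the record for this caller."""
    try:
        fetch(user, card_id)
    except NotFound:
        return True
    return False


def count_leaked(fetch: Callable[[Optional[User], int], ReportCard],
                 user: Optional[User], id_range: Iterable[int]) -> int:
    """Number of report cards a caller can read by walking a range of IDs."""
    return sum(0 if denied(fetch, user, cid) else 1 for cid in id_range)


if __name__ == "__main__":
    ids = range(1000, 1010)
    # Unauthenticated caller sweeping the ID space (user=None).
    print("vulnerable leaks:", count_leaked(get_report_card_vulnerable, None, ids))
    print("hardened leaks:  ", count_leaked(get_report_card_hardened, None, ids))
```

The hardened variant returns the same NotFound for "missing" and "not yours", which keeps the ID space from being mapped through error differences, and it reads the caller's identity from the session object rather than from a request parameter, which is the distinction CWE-639 turns on.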