CNNVD-202511-158 Information

Nov 04, 2025 cve

CNNVD ID

CNNVD-202511-158

CVE-2025-63294

CNNVD Published: 2025-11-04

Description (Chinese)

WorkDo HRM SaaS HR and Payroll Tool是WorkDo公司的一个人力资源管理软件。 WorkDo HRM SaaS HR and Payroll Tool 8.1版本存在安全漏洞，该漏洞源于权限设置不当，可能导致经过身份验证的用户代表其他用户创建休假或辞职记录。

Description (English)

WorkDo HRM Saas HR and Payroll Tool is a human resources management software for WorkDo. There is a security loophole in version 8.1 of WorkDo HRM Saas HR and Payroll Tool, which stems from the inappropriate set-up of privileges, which may lead to the creation of leave or resignation records on behalf of other users by an identified user.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

WorkDo

Published

2025-11-04

Last Modified

2026-02-24

References

https://medium.com/@barrattjack89/cve-2025-63294-insecure-permissions-in-workdo-hrm-saas-hr-and-payroll-8-1-d6bb03c21177 https://codecanyon.net/item/hrm-saas-hr-and-payroll-tool/25982934 https://workdo.io/hrm-saas-human-resource-management-software/ https://access.redhat.com/security/cve/cve-2025-63294

Share on: