CNNVD-202511-2851 Information

CNNVD ID

CNNVD-202511-2851

Related CVE

CVE-2025-65681

• CNNVD Published: 2025-11-26

Description (Chinese)

Tutor是Overhang.IO开源的一个用于部署和管理Open edX平台的工具。 Tutor 20.0.2版本存在安全漏洞，该漏洞源于缺少适当的缓存控制HTTP标头和客户端会话检查，可能导致本地未经授权的攻击者访问敏感信息。

Description (English)

Tutor is an Open Source of Overhang.IO, a tool for deploying and managing Open edX platforms. There is a security loophole in Tutor 20.0.2, which stems from the lack of appropriate cache control HTTP headers and client session checks, which may lead to local unauthorized assailants accessing sensitive information.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

Overhang.IO

Published

2025-11-26

Last Modified

2026-02-24

References

https://github.com/Rivek619/CVE-2025-65681 https://github.com/overhangio/tutor https://docs.tutor.edly.io https://access.redhat.com/security/cve/cve-2025-65681