CNNVD-202511-3031 Information

CNNVD ID

CNNVD-202511-3031

CVE-2025-66291

  • CNNVD Published: 2025-11-29

Description (translated from Chinese)

OrangeHRM is a human resources management (HRM) system from the US company OrangeHRM. The system supports personnel information management, leave management, attendance management and recruitment management, among other functions. OrangeHRM versions 5.0 through 5.7 contain an authorization vulnerability caused by insufficient authorization checks on the interview attachment retrieval endpoint, which may lead to the disclosure of confidential documents.

Description (English)

OrangeHRM is a human resources management (HRM) system from OrangeHRM in the United States. The system supports functions such as personnel information management, leave administration, attendance management and recruitment management. OrangeHRM versions 5.0 to 5.7 have an authorization flaw: the interview attachment retrieval endpoint performs insufficient authorization checks, which could lead to the disclosure of confidential documents.

Hazard Level

High

Vulnerability Type

Authorization issue

Affected Vendor

OrangeHRM

Published

2025-11-29

Last Modified

2026-02-24

References

  • https://github.com/orangehrm/orangehrm/commit/647133d0fdda989a4836845a6531277078a84607
  • https://github.com/orangehrm/orangehrm/security/advisories/GHSA-v32g-r8xx-4g6g
  • https://access.redhat.com/security/cve/cve-2025-66291

Patch

https://github.com/orangehrm/orangehrm/releases