CNNVD-202511-3032 Information

CNNVD ID

CNNVD-202511-3032

Related CVE

CVE-2025-66289

• CNNVD Published: 2025-11-29

Description (Chinese)

OrangeHRM是美国OrangeHRM公司的一套人力资源管理系统（HRM）。该系统支持人事信息管理、休假管理、考勤管理和招聘管理等功能。 OrangeHRM 5.0版本至5.7版本存在代码问题漏洞，该漏洞源于会话管理不当，可能导致未授权访问。

Description (English)

OrangeHRM is a human resources management system (HRM) for OrangeHRM in the United States. The system supports functions such as personnel information management, leave administration, attendance and recruitment management. OrangeHRM versions 5.0 to 5.7 had a code gap, which stemmed from inadequate session management and could lead to unauthorized access.

Hazard Level

High

Vulnerability Type

代码问题

Affected Vendor

OrangeHRM

Published

2025-11-29

Last Modified

2026-02-24

References

https://github.com/orangehrm/orangehrm/security/advisories/GHSA-99qp-xh4q-pr9x https://access.redhat.com/security/cve/cve-2025-66289

Patch

https://www.orangehrm.com/