Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-5bk5-5mss-pfbw

Summary A specific endpoint allows authenticated users to pivot to other user profiles by modifying the id number in the API call.

Aliases

alias	CVE-2026-25197

Fixed_packages

Affected_packages

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-25197

reference_id

reference_type

scores

value	0.0004
scoring_system	epss
scoring_elements	0.12346
published_at	2026-06-11T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.12424
published_at	2026-06-14T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.12444
published_at	2026-06-13T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.12437
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-25197

reference_url

https://www.cisa.gov/news-events/ics-advisories/icsa-26-055-03

reference_id

icsa-26-055-03

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-07T14:20:24Z/

url

https://www.cisa.gov/news-events/ics-advisories/icsa-26-055-03

reference_url

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-055-03.json

reference_id

icsa-26-055-03.json

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-07T14:20:24Z/

url

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-055-03.json

reference_url

https://mygardyn.com/security/

reference_id

security

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-07T14:20:24Z/

url

https://mygardyn.com/security/

Weaknesses

cwe_id	639
name	Authorization Bypass Through User-Controlled Key
description	The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

Exploits

Severity_range_score 9.1 - 9.3

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5bk5-5mss-pfbw

Vulnerability Instance