CVE-2025-12766

{"id": "CVE-2025-12766", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "secure@blackberry.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.0, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.1}]}, "published": "2025-11-19T17:15:46.690", "references": [{"url": "https://support.blackberry.com/pkb/s/article/140929", "tags": ["Vendor Advisory"], "source": "secure@blackberry.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "secure@blackberry.com", "description": [{"lang": "en", "value": "CWE-639"}]}], "descriptions": [{"lang": "en", "value": "An Insecure Direct Object Reference (IDOR) vulnerability in the Management Console of BlackBerry\u00ae AtHoc\u00ae (OnPrem) version 7.21 could allow an attacker to potentially gain unauthorized knowledge about other organizations hosted on the same Interactive Warning System (IWS)."}], "lastModified": "2025-12-01T17:22:03.653", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:blackberry:athoc:7.21:-:*:*:onprem:*:*:*", "vulnerable": true, "matchCriteriaId": "DA68FFD4-1F31-450D-9405-B136FE4F066B"}], "operator": "OR"}]}], "sourceIdentifier": "secure@blackberry.com"}