CVE-2025-63294

WorkDo HRM SaaS HR and Payroll Tool 8.1 is affected vulnerable to Insecure Permissions. An authenticated user can create leave or resignation records on behalf of other users.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://codecanyon.net/item/hrm-saas-hr-and-payroll-tool/25982934	Product
https://medium.com/@barrattjack89/cve-2025-63294-insecure-permissions-in-workdo-hrm-saas-hr-and-payroll-8-1-d6bb03c21177	Exploit Third Party Advisory
https://workdo.io/hrm-saas-human-resource-management-software/	Product

Configurations

Configuration 1 (hide)

cpe:2.3:a:workdo:hrm_saas:8.1:*:*:*:*:*:*:*

History

04 Feb 2026, 20:15

Type	Values Removed	Values Added
First Time		Workdo Workdo hrm Saas
CPE		cpe:2.3:a:workdo:hrm_saas:8.1:::::::*
References	~~() https://codecanyon.net/item/hrm-saas-hr-and-payroll-tool/25982934 -~~	() https://codecanyon.net/item/hrm-saas-hr-and-payroll-tool/25982934 - Product
References	~~() https://medium.com/@barrattjack89/cve-2025-63294-insecure-permissions-in-workdo-hrm-saas-hr-and-payroll-8-1-d6bb03c21177 -~~	() https://medium.com/@barrattjack89/cve-2025-63294-insecure-permissions-in-workdo-hrm-saas-hr-and-payroll-8-1-d6bb03c21177 - Exploit, Third Party Advisory
References	~~() https://workdo.io/hrm-saas-human-resource-management-software/ -~~	() https://workdo.io/hrm-saas-human-resource-management-software/ - Product

Information

Published : 2025-11-04 16:16

Updated : 2026-02-04 20:15

NVD link : CVE-2025-63294

Mitre link : CVE-2025-63294

CVE.ORG link : CVE-2025-63294

JSON object : View

Products Affected

workdo

hrm_saas

CWE

CWE-862

Missing Authorization

6.5 /10