Insecure Direct Object Reference (IDOR) vulnerability in the Management Console...

5 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Description

An Insecure Direct Object Reference (IDOR) vulnerability in the Management Console of BlackBerry® AtHoc® (OnPrem) version 7.21 could allow an attacker to potentially gain unauthorized knowledge about other organizations hosted on the same Interactive Warning System (IWS).

Basic Information

ID CVE-2025-12766

Source blackberry

Published Nov 19, 2025 at 16:08

Modified Nov 19, 2025 at 17:42

Affected Product

Vendor BlackBerry

Product BlackBerry® AtHoc® (OnPrem)

Version 7.21

Affected Versions BlackBerry BlackBerry® AtHoc® (OnPrem) 7.21

CWE Classification

CWE-639

References

support.blackberry.com /pkb/s/article/140929

{
    "lastseen": "",
    "description": "An Insecure Direct Object Reference (IDOR) vulnerability in the Management Console of BlackBerry\u00ae AtHoc\u00ae (OnPrem) version 7.21 could allow an attacker to potentially gain unauthorized knowledge about other organizations hosted on the same Interactive Warning System (IWS).",
    "published": "2025-11-19T16:08:50.016Z",
    "modified": "2025-11-19T17:42:27.044Z",
    "type": "cve",
    "title": "Insecure Direct Object Reference (IDOR) vulnerability in the Management Console of affected versions of BlackBerry AtHoc.",
    "source": "blackberry",
    "references": "https://support.blackberry.com/pkb/s/article/140929",
    "id": "CVE-2025-12766",
    "bulletinFamily": "",
    "cwe": [
        "CWE-639"
    ],
    "cvelist": null,
    "sourceData": "BlackBerry BlackBerry\u00ae AtHoc\u00ae (OnPrem) 7.21",
    "sourceHref": "",
    "cvss": {
        "score": 5,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "BlackBerry\u00ae AtHoc\u00ae (OnPrem)",
    "version": "7.21",
    "vendor": "BlackBerry",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Insecure Direct Object Reference (IDOR) vulnerability in the Management Console of affected versions of BlackBerry AtHoc._CVE-2025-12766