CVE-2025-40676

Description

Insecure Direct Object Reference (IDOR) in Negotiator v3.15.2 from Biobanking and Biomolecular Resources - European Research Infrastructure (BBMRI-ERIC). This vulnerability allows an attacker to access or modify unauthorised resources by manipulating requests that use the userID parameter in /api/v3/users/<userID>, which may result in the exposure or alteration of sensitive data