Security Advisory

CVE-2025-55886

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-09-22 00:00:00
Last updated 2025-11-17 18:33:50
Assigner mitre
State PUBLISHED

Description

An Insecure Direct Object Reference (IDOR) vulnerability was discovered in ARD. The flaw exists in the `fe_uid` parameter of the payment history API endpoint. An authenticated attacker can manipulate this parameter to access the payment history of other users without authorization.