⚠️Cornerstone OnDemand LMS v24.2.5.32 | Insecure Direct Object Reference (IDOR) Disclosures
Discoverer: Dan Gilbert, Giovanni Heward
Summary of Findings
Insecure Direct Object Reference (IDOR) in LaunchVideo.aspx
CVE-2025-60929
Insecure Direct Object Reference (IDOR) in Terminate.aspx
CVE-2025-60930
Timeline
Reported to Vendor: Oct 23rd, 2024
Patched: TBD
Published: TBD
Last updated