⚠️Cornerstone OnDemand LMS v24.2.5.32 | Insecure Direct Object Reference (IDOR) Disclosures

Summary of Findings

• Insecure Direct Object Reference (IDOR) in LaunchVideo.aspx

  • CVE-2025-60929

• Insecure Direct Object Reference (IDOR) in Terminate.aspx

  • CVE-2025-60930

Timeline

• Reported to Vendor: Oct 23rd, 2024

• Patched: TBD

• Published: TBD