CVE-2025-65681

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-65681

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-65681.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-65681

Aliases

GHSA-gq25-78jf-v78c

Published

2025-11-26T19:15:49.590Z

Modified

2026-03-13T03:41:21.287090Z

Severity

3.3 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

An issue was discovered in Overhang.IO (tutor-open-edx) (overhangio/tutor) 20.0.2 allowing local unauthorized attackers to gain access to sensitive information due to the absence of proper cache-control HTTP headers and client-side session checks.

References

Affected packages

Git / github.com/overhangio/tutor

Affected ranges

Type

GIT

Repo

https://github.com/overhangio/tutor

Events

Introduced

Last affected

38b85f8382093848365367b3f167e299aa62612e

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "20.0.2"
        }
    ]
}

Affected versions

v10.*

v10.0.0

v10.0.1

v10.0.10

v10.0.11

v10.0.2

v10.0.3

v10.0.4

v10.0.5

v10.0.6

v10.0.7

v10.0.8

v10.0.9

v10.1.0

v10.2.0

v10.2.1

v10.2.2

v10.2.3

v10.2.4

v10.3.0

v10.3.1

v10.4.0

v10.4.1

v10.5.0

v10.5.1

v10.5.2

v10.5.3

v11.*

v11.0.0

v11.0.1

v11.0.2

v11.0.3

v11.0.4

v11.0.5

v11.0.6

v11.0.7

v11.1.0

v11.1.1

v11.1.2

v11.1.3

v11.1.4

v11.1.5

v11.2.0

v11.2.1

v11.2.10

v11.2.11

v11.2.2

v11.2.3

v11.2.4

v11.2.5

v11.2.6

v11.2.7

v11.2.8

v11.2.9

v11.3.0

v12.*

v12.0.0

v12.0.1

v12.0.2

v12.0.3

v12.0.4

v12.1.0

v12.1.1

v12.1.2

v12.1.3

v12.1.4

v12.1.5

v12.1.6

v12.1.7

v12.2.0

v13.*

v13.0.0

v13.0.1

v13.0.2

v13.0.3

v13.1.0

v13.1.1

v13.1.10

v13.1.11

v13.1.2

v13.1.3

v13.1.4

v13.1.5

v13.1.6

v13.1.7

v13.1.8

v13.1.9

v13.2.0

v13.2.1

v13.2.2

v13.2.3

v13.3.0

v13.3.1

v14.*

v14.0.0

v14.0.1

v14.0.2

v14.0.3

v14.0.4

v14.0.5

v14.1.0

v14.1.1

v14.1.2

v14.2.0

v14.2.1

v14.2.2

v14.2.3

v15.*

v15.0.0

v15.1.0

v15.2.0

v15.3.0

v15.3.1

v15.3.2

v15.3.3

v15.3.4

v15.3.5

v15.3.7

v16.*

v16.0.0

v16.0.1

v16.0.2

v16.0.3

v16.0.5

v16.1.0

v16.1.1

v16.1.2

v16.1.3

v16.1.4

v16.1.5

v16.1.6

v16.1.7

v16.1.8

v17.*

v17.0.0

v17.0.1

v17.0.2

v17.0.3

v17.0.4

v17.0.5

v17.0.6

v18.*

v18.0.0

v18.1.0

v18.1.1

v18.1.2

v18.1.3

v18.1.4

v18.2.0

v18.2.1

v18.2.2

v19.*

v19.0.0

v19.0.1

v19.0.2

v19.0.3

v19.0.4

v19.0.5

v20.*

v20.0.0

v20.0.1

v20.0.2

v3.*

v3.0.0

v3.0.1

v3.0.2

v3.0.3

v3.0.4

v3.0.5

v3.0.6

v3.1.0

v3.10.1

v3.11.0

v3.11.1

v3.11.10

v3.11.11

v3.11.12

v3.11.2

v3.11.3

v3.11.4

v3.11.5

v3.11.6

v3.11.7

v3.11.8

v3.11.9

v3.12.0

v3.12.1

v3.12.2

v3.12.3

v3.12.4

v3.12.5

v3.12.6

v3.2.0

v3.2.1

v3.2.2

v3.3.0

v3.3.1

v3.3.10

v3.3.2

v3.3.3

v3.3.4

v3.3.5

v3.3.6

v3.3.7

v3.3.8

v3.3.9

v3.4.0

v3.4.1

v3.4.2

v3.4.3

v3.5.1

v3.5.2

v3.5.3

v3.6.0

v3.6.1

v3.6.2

v3.6.3

v3.7.0

v3.7.1

v3.7.2

v3.7.3

v3.7.4

v3.8.0

v3.9.0

v3.9.1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-65681.json"