Description
The Oz Forensics face recognition application before 4.0.8 late 2023 allows PII retrieval via /statistic/list Insecure Direct Object Reference. NOTE: the number 4.0.8 was used for both the unpatched and patched versions.
Exploits
No known exploits found for this CVE.
Search Exploit-DBReferences
cve@mitre.org
https://medium.com/@antonsimonyan7/idor-in-oz-forensics-face-recognition-application-cve-2025-32367-53684ee312eacve@mitre.org
https://ozforensics.com/134c704f-9b21-4f2e-91b3-4a467353bcc0
https://medium.com/@antonsimonyan7/idor-in-oz-forensics-face-recognition-application-cve-2025-32367-53684ee312ea