PatchSiren cyber security CVE debrief
CVE-2025-69752 Ideagen CVE debrief
CVE-2025-69752 is a security issue affecting Ideagen Q-Pulse 7.1.0.32. An authenticated user can view other users' profile information by modifying the objectKey HTTP parameter in the My Details page URL. This issue has a CVSS score of 4.3 and is classified as MEDIUM severity. Security teams should assess the potential impact and implement necessary mitigations.
- Vendor
- Ideagen
- Product
- Q-Pulse
- CVSS
- MEDIUM 4.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-02-12
- Original CVE updated
- 2026-07-05
- Advisory published
- 2026-02-12
- Advisory updated
- 2026-07-05
Who should care
Security teams and administrators responsible for Ideagen Q-Pulse 7.1.0.32 should assess and mitigate this vulnerability. Operators and platform administrators may also need to review and update their systems to prevent potential unauthorized access to user profile information.
Technical summary
The vulnerability has a CVSS score of 4.3 and is classified as MEDIUM severity. It allows an authenticated user to view other users' profile information by modifying the objectKey HTTP parameter in the My Details page URL of Ideagen Q-Pulse 7.1.0.32. This could potentially lead to unauthorized access to sensitive user information.
Defensive priority
Medium priority due to the MEDIUM severity CVSS score and potential for unauthorized access to user profile information. Defenders should prioritize verification of affected systems and implement additional authentication and authorization checks.
Recommended defensive actions
- Verify and limit HTTP parameter modifications
- Monitor user profile access and modifications
- Implement additional authentication and authorization checks
Evidence notes
The CVE record was published on 2026-02-12T16:16:05.177Z and last modified on 2026-07-05T17:17:26.857Z. The NVD entry is currently Deferred. Evidence is limited to CVE and NVD information. Defenders should verify the affected product version and assess potential exposure.
Official resources
-
CVE-2025-69752 CVE record
CVE.org
-
CVE-2025-69752 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-02-12T16:16:05.177Z and has not been modified since then. The NVD entry is currently Deferred.