PatchSiren

PatchSiren cyber security CVE debrief

CVE-2025-69752 Ideagen CVE debrief

CVE-2025-69752 is a security issue affecting Ideagen Q-Pulse 7.1.0.32. An authenticated user can view other users' profile information by modifying the objectKey HTTP parameter in the My Details page URL. This issue has a CVSS score of 4.3 and is classified as MEDIUM severity. Security teams should assess the potential impact and implement necessary mitigations.

Vendor
Ideagen
Product
Q-Pulse
CVSS
MEDIUM 4.3
CISA KEV
Not listed in stored evidence
Original CVE published
2026-02-12
Original CVE updated
2026-07-05
Advisory published
2026-02-12
Advisory updated
2026-07-05

Who should care

Security teams and administrators responsible for Ideagen Q-Pulse 7.1.0.32 should assess and mitigate this vulnerability. Operators and platform administrators may also need to review and update their systems to prevent potential unauthorized access to user profile information.

Technical summary

The vulnerability has a CVSS score of 4.3 and is classified as MEDIUM severity. It allows an authenticated user to view other users' profile information by modifying the objectKey HTTP parameter in the My Details page URL of Ideagen Q-Pulse 7.1.0.32. This could potentially lead to unauthorized access to sensitive user information.

Defensive priority

Medium priority due to the MEDIUM severity CVSS score and potential for unauthorized access to user profile information. Defenders should prioritize verification of affected systems and implement additional authentication and authorization checks.

Recommended defensive actions

  • Verify and limit HTTP parameter modifications
  • Monitor user profile access and modifications
  • Implement additional authentication and authorization checks

Evidence notes

The CVE record was published on 2026-02-12T16:16:05.177Z and last modified on 2026-07-05T17:17:26.857Z. The NVD entry is currently Deferred. Evidence is limited to CVE and NVD information. Defenders should verify the affected product version and assess potential exposure.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-02-12T16:16:05.177Z and has not been modified since then. The NVD entry is currently Deferred.