HackerOne Disclosed Reports - 2025-11-17

Severity: Critical   |   Status: resolved

Authentication Bypass in Subscription Management Endpoint


Bug reported by Ahmed was disclosed on November 17, 2025, 1:08 pm   |   Insecure Direct Object Reference (IDOR)

A vulnerability was identified in the subscription management functionality that allowed unauthorized access to customer billing information. The issue stemmed from insufficient authentication and authorization controls on an API endpoint. It was classified as an Insecure Direct Object Reference (IDOR), where customer identifiers could be manipulated to access other users' data. The development team has promptly addressed and fixed the vulnerability.

