CVE-2025-32367
📋 TL;DR
The Oz Forensics face recognition application before version 4.0.8 (late 2023) contains an Insecure Direct Object Reference (IDOR) vulnerability in the /statistic/list endpoint: the endpoint does not check that the caller is authorized to view the object it references, so an attacker with an account can retrieve other users' personally identifiable information (PII) by changing the object reference in the request. Organizations running Oz Forensics face recognition software older than 4.0.8 are affected.
💻 Affected Systems
- Oz Forensics Face Recognition Application
⚠️ Manual Verification Required
This CVE does not carry a version range in our database, so automatic vulnerability detection cannot determine whether your system is affected. The only version information available is the vendor's fixed release, 4.0.8 (see Official Fix below); treat any deployment older than that as potentially affected until verified manually.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Mass exfiltration of sensitive PII data including facial recognition biometrics, personal details, and potentially other confidential information stored in the system.
Likely Case
Unauthorized access to individual user PII through manipulation of object references in API requests.
If Mitigated
Limited or no data exposure with proper access controls, authentication, and input validation in place.
🎯 Exploit Status
Exploitation requires some level of access but is technically simple once authenticated. Public disclosure includes technical details.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 4.0.8 (late 2023 patched version)
Vendor Advisory: https://ozforensics.com/
Restart Required: Yes
Instructions:
1. Verify the current version.
2. Contact Oz Forensics to obtain patched version 4.0.8.
3. Back up configuration and data.
4. Apply the update following vendor instructions.
5. Restart application services.
6. Verify the fix (see How to Verify below).
🔧 Temporary Workarounds
Access Control Enhancement
Implement a server-side authorization check in the application layer so that every object reference passed to /statistic/list is verified against the caller's identity and ownership before any data is returned.
Endpoint Restriction
Restrict access to the /statistic/list endpoint using web application firewall or reverse proxy rules (for example, allow only the source addresses or roles that legitimately need it) until the patch is applied.
🧯 If You Can't Patch
- Implement strict network segmentation to isolate the application from untrusted networks
- Deploy web application firewall with IDOR protection rules and monitor for suspicious /statistic/list requests
🔍 How to Verify
Check if Vulnerable:
Check the application version; if it is earlier than 4.0.8, log in as a low-privilege user and request /statistic/list with an object reference that belongs to another user. A 200 response containing that user's data confirms the IDOR.
Check Version:
Check application admin interface or configuration files for version information
Verify Fix Applied:
Repeat the same request against the patched application and confirm that /statistic/list rejects object references the caller does not own with an access-denied response (403 or equivalent) and no data in the body.
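A small probe for the check described above, added here as an example and not taken from the advisory or from Oz Forensics: it requests the caller's own statistics record as a baseline, then records that belong to other principals, and reports a leak when a foreign reference comes back as 200 with data. The query parameter name `id`, the bearer-token session and the two stand-in servers are assumptions for illustration; point `http_fetch` at a test instance to run it against a real deployment.

```python
"""IDOR probe for /statistic/list (added example, not Oz Forensics code).

Assumptions not stated in the advisory: the object reference is passed as a
query parameter named `id` and the session is a bearer token in the
Authorization header. Adjust ENDPOINT, the parameter name and http_fetch
to match the deployment under test.
"""
import json
import urllib.error
import urllib.parse
import urllib.request
from dataclasses import dataclass
from typing import Callable, Iterable

ENDPOINT = "/statistic/list"


@dataclass
class Response:
    status: int
    body: str


# Any client with this shape can drive the probe: fetch(path, params, token).
Fetch = Callable[[str, dict, str], Response]


@dataclass
class ProbeResult:
    object_id: str
    status: int
    leaked: bool


def http_fetch(base_url: str) -> Fetch:
    """Real client built on urllib, for use against a test deployment."""
    def fetch(path: str, params: dict, token: str) -> Response:
        url = f"{base_url}{path}?{urllib.parse.urlencode(params)}"
        req = urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})
        try:
            with urllib.request.urlopen(req, timeout=10) as resp:
                return Response(resp.status, resp.read().decode("utf-8", "replace"))
        except urllib.error.HTTPError as err:
            return Response(err.code, "")
    return fetch


def probe_idor(fetch: Fetch, token: str, own_id: str, foreign_ids: Iterable[str]) -> list[ProbeResult]:
    """Fetch the caller's own record as a baseline, then records owned by others.

    A foreign id counts as leaked when the server answers 200 with a non-empty
    body; a patched server should answer 403 (or 404) for ids the caller does
    not own.
    """
    baseline = fetch(ENDPOINT, {"id": own_id}, token)
    if baseline.status != 200:
        raise RuntimeError(f"baseline request returned {baseline.status}; check the session token")
    results = []
    for fid in foreign_ids:
        r = fetch(ENDPOINT, {"id": fid}, token)
        results.append(ProbeResult(fid, r.status, r.status == 200 and bool(r.body.strip())))
    return results


def is_vulnerable(results: Iterable[ProbeResult]) -> bool:
    return any(r.leaked for r in results)


# --- Constructed stand-in servers so the probe can run offline ---------------
_RECORDS = {
    "101": {"owner": "alice", "sessions": 12},
    "102": {"owner": "bob", "sessions": 7},
    "103": {"owner": "carol", "sessions": 3},
}
_OWNER_OF_TOKEN = {"tok-alice": "alice"}


def vulnerable_fetch(path: str, params: dict, token: str) -> Response:
    """Authenticates the token but never checks who owns the requested record."""
    if token not in _OWNER_OF_TOKEN:
        return Response(401, "")
    rec = _RECORDS.get(params["id"])
    return Response(200, json.dumps(rec)) if rec else Response(404, "")


def patched_fetch(path: str, params: dict, token: str) -> Response:
    """Same lookup, plus the ownership check that closes the IDOR."""
    user = _OWNER_OF_TOKEN.get(token)
    if user is None:
        return Response(401, "")
    rec = _RECORDS.get(params["id"])
    if rec is None:
        return Response(404, "")
    if rec["owner"] != user:
        return Response(403, "")
    return Response(200, json.dumps(rec))


if __name__ == "__main__":
    for name, client in (("unpatched", vulnerable_fetch), ("patched", patched_fetch)):
        res = probe_idor(client, "tok-alice", "101", ["102", "103"])
        verdict = "VULNERABLE" if is_vulnerable(res) else "rejects foreign ids"
        print(f"{name}: {verdict} {[(r.object_id, r.status) for r in res]}")
```

Run it against a test instance with `probe_idor(http_fetch("https://oz.example.internal"), token, own_id, foreign_ids)`, using ids that are known to belong to other accounts; a 200 with a body for any foreign id means the ownership check is missing, while 403 (or 404) for every foreign id is the behaviour expected after upgrading to 4.0.8.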
📡 Detection & Monitoring
Log Indicators:
- Multiple failed authorization attempts on /statistic/list
- Unusual access patterns to statistic endpoints
- Requests with manipulated object IDs
Network Indicators:
- Unusual traffic to /statistic/list endpoint
- Pattern of sequential object ID requests
SIEM Query:
source="oz_forensics" AND (uri="/statistic/list*" OR uri="*statistic*") AND (response_code=200 OR response_code=403) | stats count by src_ip, user
(Splunk-style pseudo-query; adapt field names to your log source. A high count of 200 responses from one src_ip/user pair spread over many distinct object ids is the signal on an unpatched host; a burst of 403s on the same endpoint after patching indicates the same enumeration being blocked.)
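The log and network indicators above reduce to one pattern: a single source walking many, often consecutive, object ids against /statistic/list. The following script, added here as an example and not part of the advisory or of any vendor tooling, applies that test to access-log lines. It assumes Apache/nginx combined-format logs with the object reference in an `id` query parameter; the sample log lines are constructed, with one legitimate user, one enumeration that succeeds against an unpatched host and one that is refused by a patched host.

```python
"""Detect object-id enumeration against /statistic/list in access logs.

Added example, not part of the advisory or of any vendor tooling. It assumes
Apache/nginx combined-format access logs in which the object reference is an
`id` query parameter; adjust LOG_RE and ID_RE for other formats.
"""
import re
from collections import defaultdict
from typing import Iterable

LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
ID_RE = re.compile(r"[?&]id=(\d+)")


def parse_line(line: str):
    """Return {ip, user, status, id} for /statistic/list hits, else None."""
    m = LOG_RE.match(line)
    if not m or not m.group("path").startswith("/statistic/list"):
        return None
    idm = ID_RE.search(m.group("path"))
    return {
        "ip": m.group("ip"),
        "user": m.group("user"),
        "status": int(m.group("status")),
        "id": int(idm.group(1)) if idm else None,
    }


def longest_consecutive_run(sorted_ids: list[int]) -> int:
    """Length of the longest run of consecutive integers in an ascending list."""
    best = cur = 0
    prev = None
    for i in sorted_ids:
        cur = cur + 1 if prev is not None and i == prev + 1 else 1
        best = max(best, cur)
        prev = i
    return best


def detect(lines: Iterable[str], min_distinct: int = 5, min_run: int = 4) -> list[dict]:
    """Flag (src_ip, user) pairs that walk many or sequential object ids.

    Enumeration is reported whether the server returned 200 (data leaked on an
    unpatched host) or 403 (attempt blocked on a patched host); the status mix
    is included so the analyst can tell the two apart.
    """
    by_actor = defaultdict(list)
    for line in lines:
        e = parse_line(line)
        if e and e["id"] is not None:
            by_actor[(e["ip"], e["user"])].append(e)
    alerts = []
    for (ip, user), events in by_actor.items():
        ids = sorted({e["id"] for e in events})
        run = longest_consecutive_run(ids)
        if len(ids) >= min_distinct or run >= min_run:
            alerts.append({
                "src_ip": ip,
                "user": user,
                "distinct_ids": len(ids),
                "longest_run": run,
                "ok_responses": sum(e["status"] == 200 for e in events),
                "denied_responses": sum(e["status"] == 403 for e in events),
            })
    return alerts


# Constructed sample log: one legitimate user, one enumeration that succeeds
# (unpatched host) and one that is refused (patched host).
SAMPLE_LOG = [
    '10.0.0.5 - alice [12/Jan/2024:10:00:01 +0000] "GET /statistic/list?id=101 HTTP/1.1" 200 512',
    '10.0.0.5 - alice [12/Jan/2024:10:05:09 +0000] "GET /statistic/list?id=101 HTTP/1.1" 200 512',
    '10.0.0.5 - alice [12/Jan/2024:10:05:10 +0000] "GET /static/app.js HTTP/1.1" 200 9000',
] + [
    f'203.0.113.7 - mallory [12/Jan/2024:11:00:{i:02d} +0000] "GET /statistic/list?id={100 + i} HTTP/1.1" 200 498'
    for i in range(8)
] + [
    f'198.51.100.5 - eve [12/Jan/2024:12:00:{i:02d} +0000] "GET /statistic/list?id={200 + i} HTTP/1.1" 403 0'
    for i in range(4)
]


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

The thresholds are deliberately low for the sample; tune `min_distinct` and `min_run` against a baseline of legitimate traffic, and add a time window if your log volume makes per-actor totals over a whole file too coarse. The same split between `ok_responses` and `denied_responses` is what distinguishes a successful exfiltration from a blocked attempt in the SIEM query above.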