CVE-2025-63294

6.5 MEDIUM

📋 TL;DR

CVE-2025-63294 is an insecure permissions vulnerability in WorkDo HRM SaaS HR and Payroll Tool 8.1 that allows authenticated users to create leave or resignation records on behalf of other users. This affects organizations using the vulnerable version of this HR management software, potentially enabling unauthorized personnel actions.

💻 Affected Systems

Products:
  • WorkDo HRM SaaS HR and Payroll Tool
Versions: 8.1
Operating Systems: Any (SaaS web application)
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the SaaS version available through CodeCanyon and workdo.io. Requires authenticated access to exploit.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Malicious insider or compromised account could create fraudulent leave/resignation records for any employee, causing payroll errors, unauthorized absences, or false termination records with legal and financial consequences.

🟠 Likely Case

Unauthorized creation of leave records leading to payroll discrepancies, attendance tracking errors, and potential HR policy violations.

🟢 If Mitigated

Limited to minor data integrity issues if proper audit logging and approval workflows are in place to catch unauthorized changes.

🌐 Internet-Facing: MEDIUM - The SaaS nature means the application is internet-accessible, but exploitation requires authenticated access.
🏢 Internal Only: HIGH - All authenticated users can potentially exploit this vulnerability, making insider threats a significant concern.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access but is straightforward once authenticated. No public exploit code identified, but the vulnerability is well-documented.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None identified

Restart Required: No

Instructions:

No official patch available. Monitor vendor channels for updates. Consider upgrading to newer versions if available.

🔧 Temporary Workarounds

Implement Role-Based Access Controls (all)

Configure application permissions to restrict leave/resignation record creation to authorized HR personnel only.

Enable Audit Logging (all)

Enable comprehensive audit logging for all leave and resignation record creation events to detect unauthorized activity.

🧯 If You Can't Patch

  • Implement manual approval workflows for all leave and resignation records
  • Regularly review and audit leave/resignation records for unauthorized changes

🔍 How to Verify

Check if Vulnerable:

Test with an authenticated user account: attempt to create a leave/resignation record for another user. If this succeeds without proper authorization, the system is vulnerable.

Check Version:

Check the application version in the admin panel or about page. It will display 'WorkDo HRM SaaS HR and Payroll Tool 8.1' if the vulnerable version is installed.

Verify Fix Applied:

After implementing workarounds, test that authenticated users can no longer create records for other users without proper authorization.

📡 Detection & Monitoring

Log Indicators:

  • Multiple leave/resignation record creations from single user account
  • Records created for users outside normal reporting structure
  • Rapid succession of record creations

Network Indicators:

  • POST requests to leave/resignation creation endpoints with modified user IDs

SIEM Query:

source="workdo_logs" AND (event="leave_created" OR event="resignation_created") | stats count by user, target_user | where user != target_user
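The log indicators above, checked in code: an added example (not from the page or the vendor) that applies the SIEM query's user != target_user logic plus a rapid-succession check to constructed JSON log lines. The log field layout and the reporting map are assumptions, not WorkDo HRM's real schema.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (one JSON object per line). Field names mirror the
# page's SIEM query; the format is an assumption, not WorkDo's real log schema.
SAMPLE_LOGS = """\
{"ts": "2025-11-01T09:00:00", "event": "leave_created", "user": "alice", "target_user": "alice"}
{"ts": "2025-11-01T09:01:10", "event": "leave_created", "user": "bob", "target_user": "carol"}
{"ts": "2025-11-01T09:01:30", "event": "resignation_created", "user": "bob", "target_user": "dave"}
{"ts": "2025-11-01T09:01:45", "event": "leave_created", "user": "bob", "target_user": "erin"}
{"ts": "2025-11-01T10:00:00", "event": "leave_created", "user": "hr_manager", "target_user": "carol"}
{"ts": "2025-11-01T10:05:00", "event": "login", "user": "carol"}
"""
# Constructed reporting structure: actors allowed to file records for others.
MANAGES = {"hr_manager": {"alice", "bob", "carol", "dave", "erin"}}
WATCHED = {"leave_created", "resignation_created"}

def parse(lines):
    """Keep only leave/resignation creations, with timestamps parsed."""
    events = []
    for raw in filter(str.strip, lines.splitlines()):
        rec = json.loads(raw)
        if rec.get("event") in WATCHED:
            rec["ts"] = datetime.fromisoformat(rec["ts"])
            events.append(rec)
    return events

def find_cross_user(events, manages=MANAGES):
    """Records created for someone else by an actor outside that person's
    reporting line: the page's core indicator (user != target_user)."""
    return [e for e in events if e["user"] != e["target_user"]
            and e["target_user"] not in manages.get(e["user"], set())]

def find_bursts(events, window=timedelta(minutes=5), threshold=3):
    """Actors creating >= threshold records inside a sliding time window."""
    by_user = defaultdict(list)
    for e in events:
        by_user[e["user"]].append(e["ts"])
    flagged = {}
    for user, times in by_user.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged[user] = max(flagged.get(user, 0), end - start + 1)
    return flagged
```

The HR manager's record for carol is not flagged because the reporting map authorizes it; bob's three records for other users within 35 seconds trip both checks.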
