CVE-2025-63294

MEDIUM

WorkDo HRM <8.1 - Privilege Escalation

Title source: llm

Description

WorkDo HRM SaaS HR and Payroll Tool 8.1 is vulnerable to Insecure Permissions. An authenticated user can create leave or resignation records on behalf of other users.

Scores

CVSS v3: 6.5
EPSS: 0.0026
EPSS Percentile: 17.6%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: partial

Details

CWE: CWE-862
Status: published
Products (1): workdo/hrm_saas 8.1
Published: Nov 04, 2025
Tracked Since: Feb 18, 2026