{"id":"GHSA-gq25-78jf-v78c","summary":"Overhang Tutor Discloses Sensitive Information due to Improper Cache-Control","details":"An issue was discovered in Overhang.IO (tutor-open-edx) (overhangio/tutor) 20.0.2 allowing local unauthorized attackers to gain access to sensitive information due to the absence of proper cache-control HTTP headers and client-side session checks.","aliases":["CVE-2025-65681"],"modified":"2025-12-01T23:41:12.677763Z","published":"2025-11-26T21:31:26Z","database_specific":{"github_reviewed_at":"2025-12-01T22:57:57Z","github_reviewed":true,"cwe_ids":["CWE-384"],"nvd_published_at":"2025-11-26T19:15:49Z","severity":"LOW"},"references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-65681"},{"type":"WEB","url":"https://docs.tutor.edly.io"},{"type":"WEB","url":"https://github.com/Rivek619/CVE-2025-65681"},{"type":"PACKAGE","url":"https://github.com/overhangio/tutor"}],"affected":[{"package":{"name":"tutor","ecosystem":"PyPI","purl":"pkg:pypi/tutor"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"last_affected":"20.0.2"}]}],"versions":["0.1","0.2","0.2.1","12.0.1","12.0.2","12.0.3","12.0.4","12.1.0","12.1.1","12.1.2","12.1.3","12.1.4","12.1.5","12.1.6","12.1.7","12.2.0","13.0.0","13.0.1","13.0.2","13.0.3","13.1.0","13.1.1","13.1.10","13.1.11","13.1.2","13.1.3","13.1.4","13.1.5","13.1.6","13.1.7","13.1.8","13.1.9","13.2.0","13.2.1","13.2.2","13.2.3","13.3.0","13.3.1","13.3.2","14.0.0","14.0.1","14.0.2","14.0.3","14.0.4","14.0.5","14.1.0","14.1.1","14.1.2","14.2.0","14.2.1","14.2.2","14.2.3","14.2.4","14.2.5","15.0.0","15.1.0","15.2.0","15.3.0","15.3.1","15.3.2","15.3.3","15.3.4","15.3.5","15.3.6","15.3.7","15.3.8","15.3.9","16.0.0","16.0.1","16.0.2","16.0.3","16.0.5","16.1.0","16.1.1","16.1.2","16.1.3","16.1.4","16.1.5","16.1.6","16.1.7","16.1.8","17.0.0","17.0.1","17.0.2","17.0.3","17.0.4","17.0.5","17.0.6","18.0.0","18.1.0","18.1.1","18.1.2","18.1.3","18.1.4","18.2.0","18.2.1","18.2.2","19.0.0","19.0.1","19.0.2","19.0.3","19.0.4","19.0.5","20.0.0","20.0.1","20.0.2"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/11/GHSA-gq25-78jf-v78c/GHSA-gq25-78jf-v78c.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"}]}