{"id":26766,"date":"2025-04-19T01:11:46","date_gmt":"2025-04-19T01:11:46","guid":{"rendered":""},"modified":"2025-05-31T12:10:59","modified_gmt":"2025-05-31T18:10:59","slug":"cve-2025-32367-personal-identifiable-information-retrieval-in-oz-forensics-face-recognition-application","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-32367-personal-identifiable-information-retrieval-in-oz-forensics-face-recognition-application\/","title":{"rendered":"<strong>CVE-2025-32367: Personal Identifiable Information Retrieval in Oz Forensics Face Recognition Application<\/strong>"},"content":{"rendered":"<p><strong>Overview<\/strong><\/p>\n<p>The vulnerability discussed in this post, labeled as CVE-2025-32367, affects the Oz Forensics face recognition application version prior to 4.0.8. This particular vulnerability can lead to unauthorized retrieval of personally identifiable information (PII). Any organization that uses this face recognition application in its security infrastructure should be aware of this vulnerability, as it could <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2023-33033-audio-playback-memory-corruption-leading-to-potential-system-compromise\/\"  data-wpil-monitor-id=\"31230\">potentially lead to serious data leakage and system<\/a> compromise. This issue is of great concern due to the possible violations of privacy regulations and the <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-44898-critical-stack-overflow-vulnerability-in-fw-wgs-804hpt-resulting-in-potential-system-compromise\/\"  data-wpil-monitor-id=\"52689\">potential financial and reputational damage that could result<\/a> from such violations.<\/p>\n<p><strong>Vulnerability Summary<\/strong><\/p>\n<p>CVE ID: CVE-2025-32367<br \/>\nSeverity: High (8.6)<br \/>\nAttack Vector: Network<br \/>\nPrivileges Required: Low<br \/>\nUser Interaction: None<br \/>\nImpact: Unauthorized <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2024-55354-protection-mechanism-failure-in-lucee-leading-to-unauthorized-code-execution-and-data-access\/\"  data-wpil-monitor-id=\"31083\">retrieval<\/a> of PII leading to possible system compromise or data leakage<\/p>\n<p><strong>Affected Products<\/strong><\/p><div id=\"ameeb-941969950\" class=\"ameeb-content-2 ameeb-entity-placement\"><div style=\"border-left: 4px solid #555; padding-left: 20px; margin: 48px 0; font-family: Roboto, sans-serif; color: #ffffff; line-height: 1.6; max-width: 700px;\">\r\n  <h2 style=\"margin-top: 0; font-size: 20px; font-weight: 600; display: flex; align-items: center;\">\r\n    <a href=\"https:\/\/www.ameeba.com\/chat\" style=\"display: inline-flex; align-items: center; margin-right: 8px;\">\r\n      <img decoding=\"async\" src=\"https:\/\/www.ameeba.com\/blog\/wp-content\/uploads\/2025\/10\/Best-App-icon-Ameeba.png\" alt=\"Ameeba Chat Icon\" style=\"width: 40px; height: 40px;\" \/>\r\n    <\/a>\r\n    A new way to communicate\r\n  <\/h2>\r\n\r\n  <p style=\"margin-bottom: 12px;\">\r\n    Ameeba Chat is built on encrypted identity, not personal profiles.\r\n  <\/p>\r\n\r\n  <p style=\"margin-bottom: 16px;\">\r\n    Message, call, share files, and coordinate with identities kept separate.\r\n  <\/p>\r\n\r\n  <ul style=\"list-style: none; padding-left: 0; margin-bottom: 20px;\">\r\n    <li>\u2022 Encrypted identity<\/li>\r\n    <li>\u2022 Ameeba Chat authenticates access<\/li>\r\n    <li>\u2022 Aliases and categories<\/li>\r\n    <li>\u2022 End-to-end encrypted chat, calls, and files<\/li>\r\n    <li>\u2022 Secure notes for sensitive information<\/li>\r\n  <\/ul>\r\n\r\n  <p style=\"font-style: italic; font-weight: 600; margin-bottom: 24px;\">\r\n    Private communication, rethought.\r\n  <\/p>\r\n\r\n  <div style=\"display: flex; flex-wrap: wrap; gap: 12px;\">\r\n    <a href=\"https:\/\/www.ameeba.com\/chat\/download\" style=\"background-color: #ffffff; color: #000000; padding: 10px 20px; text-decoration: none; border-radius: 6px; font-weight: 500;\">Download Ameeba Chat<\/a>\r\n    <a href=\"https:\/\/www.ameeba.com\/chat\" style=\"border: 1px solid #ffffff; color: #ffffff; padding: 10px 20px; text-decoration: none; border-radius: 6px; font-weight: 500;\">Learn More<\/a>\r\n  <\/div>\r\n<\/div>\r\n<\/div>\n<p>Product | Affected Versions<\/p>\n<p>Oz Forensics face recognition application | <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2023-52307-high-severity-stack-overflow-vulnerability-in-paddlepaddle-prior-to-version-2-6-0\/\"  data-wpil-monitor-id=\"33970\">Versions prior<\/a> to 4.0.8<\/p>\n<p><strong>How the Exploit Works<\/strong><\/p>\n<p>This <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-3439-php-object-injection-vulnerability-in-everest-forms-wordpress-plugin\/\"  data-wpil-monitor-id=\"32492\">vulnerability exploits an Insecure Direct Object<\/a> Reference (IDOR) within the \/statistic\/list endpoint. An attacker can manipulate parameters that reference objects directly in order to gain <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-3417-unauthorized-data-modification-and-privilege-escalation-in-wordpress-embedder-plugin\/\"  data-wpil-monitor-id=\"32432\">unauthorized access to data<\/a>. In this case, an attacker can <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2024-21737-critical-sap-application-interface-framework-file-adapter-vulnerability-leading-to-potential-system-compromise\/\"  data-wpil-monitor-id=\"31907\">potentially manipulate the IDOR to retrieve PII from the application<\/a> without the necessary permissions. The application fails to properly verify the user&#8217;s authorization before granting access to the <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2023-50930-cross-site-request-forgery-csrf-in-savignano-s-notify-leading-to-configuration-tampering-and-potential-data-leakage\/\"  data-wpil-monitor-id=\"32004\">requested data<\/a>, thus enabling the exploit.<\/p>\n<p><strong>Conceptual Example Code<\/strong><\/p><div id=\"ameeb-1240164342\" class=\"ameeb-content ameeb-entity-placement\"><div class=\"poptin-embedded\" data-id=\"f6b387694f681\"><\/div>\r\n\r\n\r\n\r\n\r\n\r\n<\/div>\n<p>Here&#8217;s a conceptual example of how the <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-39601-cross-site-request-forgery-vulnerability-in-wpfactory-custom-css-js-php\/\"  data-wpil-monitor-id=\"36065\">vulnerability might be exploited in an HTTP request<\/a>:<\/p>\n<pre><code class=\"\" data-line=\"\">GET \/statistic\/list?id=1234 HTTP\/1.1\nHost: vulnerable.example.com<\/code><\/pre>\n<p>In this example, an <a href=\"https:\/\/www.ameeba.com\/blog\/ahold-delhaize-data-breach-unpacking-the-november-cyber-attack-and-its-implications\/\"  data-wpil-monitor-id=\"36066\">attacker could manipulate the &#8216;id&#8217; parameter to access data<\/a> of other users. For instance, changing &#8216;id=1234&#8217; to &#8216;id=5678&#8217; might allow <a href=\"https:\/\/www.ameeba.com\/blog\/doge-s-access-to-federal-data-a-cybersecurity-concern\/\"  data-wpil-monitor-id=\"38422\">access to another user&#8217;s personal data<\/a>.<\/p>\n<p><strong>Mitigation Guidance<\/strong><\/p>\n<p>Users are advised to immediately update the <a href=\"https:\/\/www.ameeba.com\/blog\/unmasking-the-latest-google-user-scams-a-deep-dive-into-cybersecurity-threats-and-mitigation\/\"  data-wpil-monitor-id=\"38423\">Oz Forensics face recognition<\/a> application to the latest version. Although the version number remains the same (4.0.8), the vendor has <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-34028-path-traversal-vulnerability-in-commvault-command-center-innovation-release-11-38\/\"  data-wpil-monitor-id=\"39821\">released a patch to mitigate this vulnerability<\/a>. In cases where immediate patching is not possible, deploying a web application firewall (WAF) or intrusion detection system (IDS) to detect and <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2023-38657-out-of-bounds-write-vulnerability-in-gtkwave-lxt2-zlib-block-decompression\/\"  data-wpil-monitor-id=\"43195\">block attempts to exploit this vulnerability<\/a> can serve as a temporary mitigation measure.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Overview The vulnerability discussed in this post, labeled as CVE-2025-32367, affects the Oz Forensics face recognition application version prior to 4.0.8. This particular vulnerability can lead to unauthorized retrieval of personally identifiable information (PII). Any organization that uses this face recognition application in its security infrastructure should be aware of this vulnerability, as it could [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"footnotes":""},"categories":[1],"tags":[],"vendor":[],"product":[],"attack_vector":[],"asset_type":[],"severity":[],"exploit_status":[],"class_list":["post-26766","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/26766","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/comments?post=26766"}],"version-history":[{"count":12,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/26766\/revisions"}],"predecessor-version":[{"id":47147,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/26766\/revisions\/47147"}],"wp:attachment":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/media?parent=26766"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/categories?post=26766"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/tags?post=26766"},{"taxonomy":"vendor","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/vendor?post=26766"},{"taxonomy":"product","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/product?post=26766"},{"taxonomy":"attack_vector","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/attack_vector?post=26766"},{"taxonomy":"asset_type","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/asset_type?post=26766"},{"taxonomy":"severity","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/severity?post=26766"},{"taxonomy":"exploit_status","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/exploit_status?post=26766"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}