{"id":26766,"date":"2025-04-19T01:11:46","date_gmt":"2025-04-19T01:11:46","guid":{"rendered":""},"modified":"2025-05-31T12:10:59","modified_gmt":"2025-05-31T18:10:59","slug":"cve-2025-32367-personal-identifiable-information-retrieval-in-oz-forensics-face-recognition-application","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-32367-personal-identifiable-information-retrieval-in-oz-forensics-face-recognition-application\/","title":{"rendered":"<strong>CVE-2025-32367: Personal Identifiable Information Retrieval in Oz Forensics Face Recognition Application<\/strong>"},"content":{"rendered":"<p><strong>Overview<\/strong><\/p>\n<p>The vulnerability discussed in this post, labeled as CVE-2025-32367, affects the Oz Forensics face recognition application version prior to 4.0.8. This particular vulnerability can lead to unauthorized retrieval of personally identifiable information (PII). Any organization that uses this face recognition application in its security infrastructure should be aware of this vulnerability, as it could <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2023-33033-audio-playback-memory-corruption-leading-to-potential-system-compromise\/\"  data-wpil-monitor-id=\"31230\">potentially lead to serious data leakage and system<\/a> compromise. This issue is of great concern due to the possible violations of privacy regulations and the <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-44898-critical-stack-overflow-vulnerability-in-fw-wgs-804hpt-resulting-in-potential-system-compromise\/\"  data-wpil-monitor-id=\"52689\">potential financial and reputational damage that could result<\/a> from such violations.<\/p>\n<p><strong>Vulnerability Summary<\/strong><\/p>\n<p>CVE ID: CVE-2025-32367<br \/>\nSeverity: High (8.6)<br \/>\nAttack Vector: Network<br \/>\nPrivileges Required: Low<br \/>\nUser Interaction: None<br \/>\nImpact: Unauthorized <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2024-55354-protection-mechanism-failure-in-lucee-leading-to-unauthorized-code-execution-and-data-access\/\"  data-wpil-monitor-id=\"31083\">retrieval<\/a> of PII leading to possible system compromise or data leakage<\/p>\n<p><strong>Affected Products<\/strong><\/p><div id=\"ameeb-191915111\" class=\"ameeb-content-2 ameeb-entity-placement\"><div style=\"border-left: 4px solid #555; padding-left: 20px; margin: 48px 0; font-family: Roboto, sans-serif; color: #ffffff; line-height: 1.6; max-width: 720px;\">\r\n  <h2 style=\"margin-top: 0; font-size: 22px; font-weight: 600; display: flex; align-items: center; letter-spacing: -0.02em;\">\r\n    <a href=\"https:\/\/www.ameeba.com\/chat\" style=\"display: inline-flex; align-items: center; margin-right: 10px;\">\r\n      <img decoding=\"async\" src=\"https:\/\/www.ameeba.com\/blog\/wp-content\/uploads\/2025\/10\/Best-App-icon-Ameeba.png\" alt=\"Ameeba Chat Icon\" style=\"width: 42px; height: 42px;\" \/>\r\n    <\/a>\r\n    Share secrets securely\r\n  <\/h2>\r\n\r\n  <p style=\"margin-bottom: 14px; color: #d1d5db;\">\r\n    Ameeba is private infrastructure for communication and sensitive work built on encrypted identity instead of exposed corporate identity systems.\r\n  <\/p>\r\n\r\n  <p style=\"margin-bottom: 18px; color: #a1a1aa;\">\r\n    Passwords, credentials, confidential files, screenshots, internal discussions, sensitive AI context, and private coordination should not become exposed across ordinary communication platforms.\r\n  <\/p>\r\n\r\n  <ul style=\"list-style: none; padding-left: 0; margin-bottom: 24px; color: #e4e4e7;\">\r\n    <li style=\"margin-bottom: 8px;\">\u2022 Encrypted identity<\/li>\r\n    <li style=\"margin-bottom: 8px;\">\u2022 Private Spaces for organizations and teams<\/li>\r\n    <li style=\"margin-bottom: 8px;\">\u2022 End-to-end encrypted chat, calls, files, and notes<\/li>\r\n    <li style=\"margin-bottom: 8px;\">\u2022 Sensitive AI work and protected collaboration<\/li>\r\n    <li>\u2022 Built for information that cannot leak<\/li>\r\n  <\/ul>\r\n\r\n  <p style=\"font-style: italic; font-weight: 600; margin-bottom: 24px; color: #ffffff;\">\r\n    Our mission is to secure human work alongside AI.\r\n  <\/p>\r\n\r\n  <div style=\"display: flex; flex-wrap: wrap; gap: 12px;\">\r\n    <a href=\"https:\/\/www.ameeba.com\/chat\/download\" style=\"background-color: #ffffff; color: #000000; padding: 10px 20px; text-decoration: none; border-radius: 8px; font-weight: 500;\">\r\n      Download Ameeba\r\n    <\/a>\r\n\r\n    <a href=\"https:\/\/www.ameeba.com\/chat\" style=\"border: 1px solid #ffffff; color: #ffffff; padding: 10px 20px; text-decoration: none; border-radius: 8px; font-weight: 500;\">\r\n      Learn More\r\n    <\/a>\r\n  <\/div>\r\n<\/div><\/div>\n<p>Product | Affected Versions<\/p>\n<p>Oz Forensics face recognition application | <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2023-52307-high-severity-stack-overflow-vulnerability-in-paddlepaddle-prior-to-version-2-6-0\/\"  data-wpil-monitor-id=\"33970\">Versions prior<\/a> to 4.0.8<\/p>\n<p><strong>How the Exploit Works<\/strong><\/p>\n<p>This <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-3439-php-object-injection-vulnerability-in-everest-forms-wordpress-plugin\/\"  data-wpil-monitor-id=\"32492\">vulnerability exploits an Insecure Direct Object<\/a> Reference (IDOR) within the \/statistic\/list endpoint. An attacker can manipulate parameters that reference objects directly in order to gain <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-3417-unauthorized-data-modification-and-privilege-escalation-in-wordpress-embedder-plugin\/\"  data-wpil-monitor-id=\"32432\">unauthorized access to data<\/a>. In this case, an attacker can <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2024-21737-critical-sap-application-interface-framework-file-adapter-vulnerability-leading-to-potential-system-compromise\/\"  data-wpil-monitor-id=\"31907\">potentially manipulate the IDOR to retrieve PII from the application<\/a> without the necessary permissions. The application fails to properly verify the user&#8217;s authorization before granting access to the <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2023-50930-cross-site-request-forgery-csrf-in-savignano-s-notify-leading-to-configuration-tampering-and-potential-data-leakage\/\"  data-wpil-monitor-id=\"32004\">requested data<\/a>, thus enabling the exploit.<\/p>\n<p><strong>Conceptual Example Code<\/strong><\/p><div id=\"ameeb-1623337050\" class=\"ameeb-content ameeb-entity-placement\"><div class=\"poptin-embedded\" data-id=\"f6b387694f681\"><\/div>\r\n\r\n\r\n\r\n\r\n\r\n<\/div>\n<p>Here&#8217;s a conceptual example of how the <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-39601-cross-site-request-forgery-vulnerability-in-wpfactory-custom-css-js-php\/\"  data-wpil-monitor-id=\"36065\">vulnerability might be exploited in an HTTP request<\/a>:<\/p>\n<pre><code class=\"\" data-line=\"\">GET \/statistic\/list?id=1234 HTTP\/1.1\nHost: vulnerable.example.com<\/code><\/pre>\n<p>In this example, an <a href=\"https:\/\/www.ameeba.com\/blog\/ahold-delhaize-data-breach-unpacking-the-november-cyber-attack-and-its-implications\/\"  data-wpil-monitor-id=\"36066\">attacker could manipulate the &#8216;id&#8217; parameter to access data<\/a> of other users. For instance, changing &#8216;id=1234&#8217; to &#8216;id=5678&#8217; might allow <a href=\"https:\/\/www.ameeba.com\/blog\/doge-s-access-to-federal-data-a-cybersecurity-concern\/\"  data-wpil-monitor-id=\"38422\">access to another user&#8217;s personal data<\/a>.<\/p>\n<p><strong>Mitigation Guidance<\/strong><\/p>\n<p>Users are advised to immediately update the <a href=\"https:\/\/www.ameeba.com\/blog\/unmasking-the-latest-google-user-scams-a-deep-dive-into-cybersecurity-threats-and-mitigation\/\"  data-wpil-monitor-id=\"38423\">Oz Forensics face recognition<\/a> application to the latest version. Although the version number remains the same (4.0.8), the vendor has <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-34028-path-traversal-vulnerability-in-commvault-command-center-innovation-release-11-38\/\"  data-wpil-monitor-id=\"39821\">released a patch to mitigate this vulnerability<\/a>. In cases where immediate patching is not possible, deploying a web application firewall (WAF) or intrusion detection system (IDS) to detect and <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2023-38657-out-of-bounds-write-vulnerability-in-gtkwave-lxt2-zlib-block-decompression\/\"  data-wpil-monitor-id=\"43195\">block attempts to exploit this vulnerability<\/a> can serve as a temporary mitigation measure.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Overview The vulnerability discussed in this post, labeled as CVE-2025-32367, affects the Oz Forensics face recognition application version prior to 4.0.8. This particular vulnerability can lead to unauthorized retrieval of personally identifiable information (PII). Any organization that uses this face recognition application in its security infrastructure should be aware of this vulnerability, as it could [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"footnotes":""},"categories":[1],"tags":[],"vendor":[],"product":[],"attack_vector":[],"asset_type":[],"severity":[],"exploit_status":[],"class_list":["post-26766","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/26766","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/comments?post=26766"}],"version-history":[{"count":12,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/26766\/revisions"}],"predecessor-version":[{"id":47147,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/26766\/revisions\/47147"}],"wp:attachment":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/media?parent=26766"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/categories?post=26766"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/tags?post=26766"},{"taxonomy":"vendor","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/vendor?post=26766"},{"taxonomy":"product","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/product?post=26766"},{"taxonomy":"attack_vector","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/attack_vector?post=26766"},{"taxonomy":"asset_type","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/asset_type?post=26766"},{"taxonomy":"severity","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/severity?post=26766"},{"taxonomy":"exploit_status","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/exploit_status?post=26766"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}