Overhang Tutor Discloses Sensitive Information due to Improper Cache-Control

GHSA-gq25-78jf-v78c · CVE-2025-65681 · PYSEC-2025-219

Published Nov 26, 2025 · Modified Jun 8, 2026

Description

An issue was discovered in Overhang.IO (tutor-open-edx) (overhangio/tutor) 20.0.2 allowing local unauthorized attackers to gain access to sensitive information due to the absence of proper cache-control HTTP headers and client-side session checks.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2025-65681
WEB https://docs.tutor.edly.io
WEB https://github.com/Rivek619/CVE-2025-65681
PACKAGE https://github.com/overhangio/tutor
WEB https://github.com/pypa/advisory-database/tree/main/vulns/tutor/PYSEC-2025-219.yaml

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes