CVE-2025-65681: Overhang Tutor Discloses Sensitive Information due to Improper Cache-Control

November 26, 2025 (updated December 1, 2025)

An issue was discovered in Overhang.IO (tutor-open-edx) (overhangio/tutor) 20.0.2 allowing local unauthorized attackers to gain access to sensitive information due to the absence of proper cache-control HTTP headers and client-side session checks.

References

docs.tutor.edly.io/
github.com/Rivek619/CVE-2025-65681
github.com/advisories/GHSA-gq25-78jf-v78c
github.com/overhangio/tutor
nvd.nist.gov/vuln/detail/CVE-2025-65681

Code Behaviors & Features

Detect and mitigate CVE-2025-65681 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →