The following key information about the vulnerability can be obtained from the screenshot of this web page:

CVE-2025-64067 - Broken object property level authorization on multiple API endpoints

Vulnerability Description

Affected Product: Primakon Pi Portal 1.0.18
Affected Components: API endpoints responsible for retrieving object-specific or filtered data (e.g., user profiles, project records)
Vulnerability Type: Broken object property level authorization

Exploitation Methods:
- Direct ID manipulation and IDOR: By changing an ID parameter (e.g., , ) in the request, an attacker can access the object and data belonging to another user.
- Filter omission: By omitting the filtering parameter entirely, an attacker can cause the endpoint to return an entire unfiltered dataset of all stored records for all users.

Impact: Unauthorized exposure of sensitive personal and organizational information.

Summary

The vulnerability arises from insufficient server-side validation to confirm that the requesting user is authorized to access the requested object or dataset, leading to potential unauthorized data access and exposure.
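
The missing server-side check described in the Summary, shown next to a corrected form for both the ID-manipulation and filter-omission cases. This is an added example, not code from the advisory or from Pi Portal; the record store, `User`, `Forbidden` and all function names are hypothetical, and the data is constructed.

```python
# Added example: constructed data and hypothetical names, not Pi Portal code.
from dataclasses import dataclass

class Forbidden(Exception):
    """Maps to an HTTP 403 response in a real handler."""

@dataclass(frozen=True)
class User:
    id: int
    is_admin: bool = False

# Constructed sample records; owner_id is the user each record belongs to.
RECORDS = [
    {"id": 101, "owner_id": 1, "name": "alice-project"},
    {"id": 102, "owner_id": 2, "name": "bob-project"},
    {"id": 103, "owner_id": 2, "name": "bob-profile"},
]

def get_record_vulnerable(caller, record_id):
    # Trusts the client-supplied ID: any authenticated caller reads any record.
    return next((r for r in RECORDS if r["id"] == record_id), None)

def list_records_vulnerable(caller, owner_id=None):
    # A missing filter means "no restriction", so the whole dataset comes back.
    return [r for r in RECORDS if owner_id is None or r["owner_id"] == owner_id]

def _may_read(caller, record):
    return caller.is_admin or record["owner_id"] == caller.id

def get_record(caller, record_id):
    record = next((r for r in RECORDS if r["id"] == record_id), None)
    # Same error for "missing" and "not yours", so valid IDs are not confirmed.
    if record is None or not _may_read(caller, record):
        raise Forbidden(f"record {record_id} not accessible")
    return record

def list_records(caller, owner_id=None):
    # The scope comes from the session identity, never from the request alone.
    if not caller.is_admin:
        if owner_id is not None and owner_id != caller.id:
            raise Forbidden("filter names another user")
        owner_id = caller.id  # an omitted filter defaults to the caller's data
    return [r for r in RECORDS if owner_id is None or r["owner_id"] == owner_id]
```

A regression test for an endpoint of this kind should issue each request as a second, unrelated account and assert that it is refused or scoped, since a test run only as the record owner passes against both versions.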