exploitDog

CVE-2025-65034

Опубликовано: 19 нояб. 2025

Источник: nvd

CVSS3: 8.1

EPSS Низкий

Описание

Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an improper authorization vulnerability allows any authenticated user to reopen finalized polls belonging to other users by manipulating the pollId parameter. This can disrupt events managed by other users and compromise both availability and integrity of poll data. This issue has been patched in version 4.5.4.

Ссылки

https://github.com/lukevella/rallly/releases/tag/v4.5.4
Release Notes
https://github.com/lukevella/rallly/security/advisories/GHSA-5fp2-pv2j-rqpc
Exploit
Vendor Advisory
https://github.com/lukevella/rallly/security/advisories/GHSA-5fp2-pv2j-rqpc
Exploit
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:rallly:rallly:*:*:*:*:*:*:*:*

Версия до 4.5.4 (исключая)

EPSS

Процентиль: 18%

0.00058

Низкий

8.1 High

CVSS3

Дефекты

CWE-639

EPSS

Процентиль: 18%

0.00058

Низкий

8.1 High

CVSS3

Дефекты

CWE-639