
Description

Multiple API endpoints allowed access to other users' sensitive files to anyone who knew a file's UUID, even though those files were not intended to be accessible by UUID alone.

PUBLISHED Reserved 2025-12-18 | Published 2025-12-19 | Updated 2025-12-19 | Assigner rami.io




LOW: 3.8 | CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:U

Problem types

CWE-639 Authorization Bypass Through User-Controlled Key

Product status

Default status
unaffected

1.0.0 (python) before 2025.8.0
affected

2025.8.0 (python) before 2025.9.0
affected

2025.9.0 (python) before 2025.10.0
affected

2025.10.0 (python) before 2025.11.0
affected

Credits

Deniz Parlak (https://github.com/DenizParlak) finder

References

pretix.eu/about/en/blog/20251218-release-2025-10-1/ vendor-advisory

cve.org (CVE-2025-14881)

nvd.nist.gov (CVE-2025-14881)


Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.