Home

Description

An API endpoint allowed access to sensitive files from other users by knowing the UUID of the file that were not intended to be accessible by UUID only.

PUBLISHED Reserved 2025-12-18 | Published 2025-12-19 | Updated 2025-12-19 | Assigner rami.io




LOW: 3.8CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:U

Problem types

CWE-639 Authorization Bypass Through User-Controlled Key

Product status

Default status
unaffected

1.12.0 (python)
affected

References

pretix.eu/about/en/blog/20251218-release-2025-10-1/ vendor-advisory

cve.org (CVE-2025-14882)

nvd.nist.gov (CVE-2025-14882)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.