PUBLISHED

CVE-2025-53374

Dokploy Improperly Discloses User Information via user.one Endpoint



Description

Dokploy is a self-hostable Platform as a Service (PaaS) that simplifies the deployment and management of applications and databases. An authenticated low-privileged account can retrieve detailed profile information about other users in the same organization by directly invoking user.one. The response discloses personally identifiable information (PII) such as e-mail address, role, two-factor status, organization ID, and various account flags. The fix will be available in v0.23.7.

Reserved 2025-06-27 | Published 2025-07-07 | Updated 2025-07-07 | Assigner GitHub_M


LOW: 1.3 | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U

Problem types

CWE-359: Exposure of Private Personal Information to an Unauthorized Actor

CWE-862: Missing Authorization

Product status

< 0.23.7: affected

References

github.com/...okploy/security/advisories/GHSA-fcq8-wv2q-f758

github.com/...ommit/61cf426615a4aa095b150362526aa52f2d1ea115

cve.org (CVE-2025-53374)

nvd.nist.gov (CVE-2025-53374)
