CVE-2025-65966 | THREATINT

Description

OneUptime is a solution for monitoring and managing online services. In version 9.0.5598, a low-permission user can create new accounts through a direct API request instead of being restricted to the intended interface. This issue has been patched in version 9.1.0.

PUBLISHED Reserved 2025-11-18 | Published 2025-11-26 | Updated 2025-11-26 | Assigner GitHub_M

HIGH: 8.8CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-285: Improper Authorization

Product status

= 9.0.5598

affected

References

github.com/...uptime/security/advisories/GHSA-m449-vh5f-574g

cve.org (CVE-2025-65966)

nvd.nist.gov (CVE-2025-65966)

Download JSON