3.8
CVE-2025-14881
- EPSS 0.23%
- Veröffentlicht 19.12.2025 12:24:10
- Zuletzt bearbeitet 15.04.2026 00:35:42
- Quelle 655498c3-6ec5-4f0b-aea6-853b33
- CVE-Watchlists
- Unerledigt
Insecure direct object reference
Multiple API endpoints allowed access to sensitive files from other users by knowing the UUID of the file that were not intended to be accessible by UUID only.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
Herstellerpretix
≫
Produkt
pretix
Default Statusunaffected
Version
1.0.0
Version <
2025.8.0
Status
affected
Version
2025.8.0
Version <
2025.9.0
Status
affected
Version
2025.9.0
Version <
2025.10.0
Status
affected
Version
2025.10.0
Version <
2025.11.0
Status
affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.23% | 0.131 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 655498c3-6ec5-4f0b-aea6-853b334d05a6 | 3.8 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-639 Authorization Bypass Through User-Controlled Key
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
https://pretix.eu/about/en/blog/20251218-release-2025-10-1/