Multiple API endpoints allowed access to sensitive files from other users by knowing the UUID of the file that were not intended to be accessible by UUID only.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/14xxx/CVE-2025-14881.json",
"cna_assigner": "rami.io",
"cwe_ids": [
"CWE-639"
],
"unresolved_ranges": [
{
"extracted_events": [
{
"introduced": "2025.10.0"
},
{
"fixed": "2025.11.0"
}
],
"source": "AFFECTED_FIELD"
}
]
}