CVE-2025-14881

Source
https://cve.org/CVERecord?id=CVE-2025-14881
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-14881.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-14881
Aliases
Published
2025-12-19T12:24:10.523Z
Modified
2026-07-08T07:59:29.575441869Z
Severity
  • 3.8 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:U CVSS Calculator
Summary
Insecure direct object reference
Details

Multiple API endpoints allowed access to sensitive files from other users by knowing the UUID of the file that were not intended to be accessible by UUID only.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/14xxx/CVE-2025-14881.json",
    "cna_assigner": "rami.io",
    "cwe_ids": [
        "CWE-639"
    ],
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "introduced": "2025.10.0"
                },
                {
                    "fixed": "2025.11.0"
                }
            ],
            "source": "AFFECTED_FIELD"
        }
    ]
}
References

Affected packages

Git / github.com/pretix/pretix

Affected ranges

Type
GIT
Repo
https://github.com/pretix/pretix
Events
Database specific
{
    "extracted_events": [
        {
            "introduced": "1.0.0"
        },
        {
            "fixed": "2025.8.0"
        },
        {
            "introduced": "2025.8.0"
        },
        {
            "fixed": "2025.9.0"
        },
        {
            "introduced": "2025.9.0"
        },
        {
            "fixed": "2025.10.0"
        }
    ],
    "source": "AFFECTED_FIELD"
}

Affected versions

1.*
1.0.0
Other
s
v1.*
v1.1.0
v1.10.0
v1.11.0
v1.12.0
v1.13.0
v1.14.0
v1.15.0
v1.16.0
v1.17.0
v1.2.0
v1.3.0
v1.4.0
v1.5.0
v1.6.0
v1.7.0
v1.8.0
v1.9.0
v2.*
v2.0.0
v2.1.0
v2.2.0
v2.3.0
v2.4.0
v2.5.0
v2.6.0
v2.7.0
v2.8.0
v2023.*
v2023.10.0
v2023.6.0
v2023.7.0
v2023.8.0
v2023.9.0
v2024.*
v2024.1.0
v2024.10.0
v2024.11.0
v2024.2.0
v2024.3.0
v2024.4.0
v2024.5.0
v2024.6.0
v2024.7.0
v2024.8.0
v2024.9.0
v2025.*
v2025.1.0
v2025.2.0
v2025.3.0
v2025.4.0
v2025.5.0
v2025.6.0
v2025.7.0
v2025.8.0
v2025.9.0
v3.*
v3.0.0
v3.1.0
v3.10.0
v3.11.0
v3.13.0
v3.14.0
v3.15.0
v3.16.0
v3.17.0
v3.18.0
v3.2.0
v3.3.0
v3.4.0
v3.5.0
v3.6.0
v3.7.0
v3.8.0
v3.9.0
v4.*
v4.0.0
v4.1.0
v4.10.0
v4.11.0
v4.13.0
v4.14.0
v4.15.0
v4.16.0
v4.17.0
v4.18.0
v4.19.0
v4.2.0
v4.20.0
v4.3.0
v4.5.0
v4.6.0
v4.7.0
v4.8.0
v4.9.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-14881.json"