CVE-2025-62293

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-62293

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-62293.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-62293

Published

2025-11-20T16:15:59.060Z

Modified

2026-03-13T03:40:25.714405Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

SOPlanning is vulnerable to Broken Access Control in /status endpoint. Due to lack of permission checks in Project Status functionality an authenticated attacker is able to add, edit and delete any status.

This issue was fixed in version 1.55.

References

Affected packages

Git /

Affected ranges

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-62293.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "1.55.00"
            }
        ]
    }
]