PT-2025-26760 · Sentry · Sentry

Nikolas-Ch · Published 2025-06-24 · Updated 2025-06-24 · CVE-2025-53073

CVSS v3.1: 4.2 (Medium)
Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Sentry versions 25.1.0 through 25.5.1
Description: The issue allows an authenticated attacker to access a project's issue endpoint and perform unauthorized actions, such as adding a comment, without being a member of the project's team. This can be done if the attacker knows a seven-digit issue ID, which is not treated as a secret and might be mentioned publicly or predicted.
Recommendations: For Sentry versions 25.1.0 through 25.5.1, consider restricting access to the issue endpoint until a patch is available. As a temporary workaround, avoid using the issue endpoint for sensitive projects until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers: CVE-2025-53073
Affected Products: Sentry