CVE-2025-53709

Name of the Vulnerable Software and Affected Versions: Secure-upload versions prior to 0.815.0

Description: Secure-upload is a data submission service that validates single-use tokens when accepting submissions to channels. The service was installed on a limited number of environments. Privileged users could select email templates not intended for their enrollment when submitting data upload requests. Authenticated and privileged users could misuse an endpoint to redirect submission channels to datasets they control. An endpoint responsible for domain validation allowed unauthenticated users to enumerate existing enrollments. Other endpoints allowed enumeration of resources with known RIDs across enrollments.

Recommendations: Update to version 0.815.0 or later.