PT-2025-30335 · Liner · Liner
Published
2025-07-21
·
Updated
2025-07-21
·
CVE-2025-51869
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Liner versions through 2025-06-03
Description
An Insecure Direct Object Reference (IDOR) vulnerability exists that allows attackers to gain sensitive information. The vulnerability is exploitable through crafted
space id, thread id, and message id parameters. The /v1/space/{space id}/thread/{thread id}/message/{message id} API endpoint is affected.Recommendations
Versions through 2025-06-03: Implement robust access controls to prevent unauthorized access to resources based on
space id, thread id, and message id parameters.Exploit
Fix
IDOR
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Liner