CVE-2025-62516

Name of the Vulnerable Software and Affected Versions TurboTenant versions prior to 2.0.0

Description A security issue exists in the TurboTenant landlord onboarding and rental signup system, specifically within the property listing activation workflow. This issue could allow unauthorized access to Stripe payment session data, potentially exposing sensitive business metadata, including landlord dashboard sync details and tenant information. The affected functionality involves API endpoints responsible for property listing activation, subscription metadata, and payment link generation.

Recommendations Update to a version newer than 2.0.0.