PT-2025-44794 · Unknown · Fairsketch Rise Ultimate Project Manager & Crm

Published

2025-11-03

Updated

2025-11-14

CVE-2025-63293

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions FairSketch Rise Ultimate Project Manager & CRM version 3.9.4

Description A remote authenticated user can append comments or upload attachments to tickets for which they lack view or edit authorization. This is due to missing authorization checks in the ticketing/commenting API. The issue allows unauthorized modification of ticket data. The affected API lacks proper validation of user permissions before allowing actions on tickets. Specifically, the vulnerability exists because authorization checks are missing when handling comments and attachments within the ticketing system.

Recommendations Update FairSketch Rise Ultimate Project Manager & CRM to a version with corrected authorization checks in the ticketing/commenting API.

Exploit

Fix

LPE

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-862

Related Identifiers

CVE-2025-63293

Affected Products

Fairsketch Rise Ultimate Project Manager & Crm

PT-2025-44794 · Unknown · Fairsketch Rise Ultimate Project Manager & Crm

CVE-2025-63293

Weakness Enumeration

Related Identifiers

Affected Products

References · 6