PT-2025-45055 · Linkace · Linkace
Published: 2025-11-04 · Updated: 2025-11-05 · CVE-2025-62720
CVSS v4.0: 7.1 (High)
Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
LinkAce versions prior to 2.4.0
Description
LinkAce is a self-hosted archive for website links. Versions 2.3.1 and below permit any authenticated user to export the complete database of links, including private links intended only for their owners. The ExportController class’s HTML and CSV export functions retrieve all links without proper access control checks, bypassing intended visibility restrictions. The vulnerable functions do not apply ownership or visibility filtering.
Recommendations
Update to version 2.4.0 or later.
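The missing filter from the description, modelled as an added example; it is not LinkAce code and was not published with this advisory. The table layout, column names, visibility values and function names are assumptions made for illustration, and the sketch uses Python with SQLite rather than the project's own stack.

```python
import sqlite3

# Constructed schema and rows; column names are assumptions, not LinkAce's tables.
def build_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE links (id INTEGER PRIMARY KEY, user_id INTEGER, "
               "url TEXT, visibility TEXT)")
    db.executemany(
        "INSERT INTO links (user_id, url, visibility) VALUES (?, ?, ?)",
        [(1, "https://example.org/alice-public", "public"),
         (1, "https://example.org/alice-private", "private"),
         (2, "https://example.org/bob-private", "private"),
         (2, "https://example.org/bob-public", "public")])
    return db

def export_unfiltered(db, user_id):
    """Pattern from the description: the caller's identity is never used."""
    return [r[0] for r in db.execute("SELECT url FROM links ORDER BY id")]

def export_scoped(db, user_id):
    """Export only rows the caller owns or that are not private."""
    rows = db.execute(
        "SELECT url FROM links WHERE user_id = ? OR visibility != 'private' "
        "ORDER BY id", (user_id,))
    return [r[0] for r in rows]

def leaked_rows(db, export, user_id):
    """Regression check: other users' private links that appear in an export."""
    foreign_private = {r[0] for r in db.execute(
        "SELECT url FROM links WHERE visibility = 'private' AND user_id != ?",
        (user_id,))}
    return sorted(foreign_private & set(export(db, user_id)))

if __name__ == "__main__":
    db = build_db()
    print("unfiltered leak:", leaked_rows(db, export_unfiltered, 2))
    print("scoped leak:", leaked_rows(db, export_scoped, 2))
```

A check shaped like `leaked_rows` can serve as a regression test for any export or bulk-read endpoint: seed two accounts, export as one, and assert that none of the other account's private rows come back.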
Exploit
Fix
Improper Access Control
Information Disclosure
Related Identifiers
Affected Products
Linkace