PT-2025-45056 · Linkace · Linkace
Published: 2025-11-04 · Updated: 2025-11-10
CVE-2025-62721
CVSS v4.0: 7.1 (High)
Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
LinkAce versions 2.3.1 and below
Description
LinkAce is a self-hosted archive to collect website links. Authenticated RSS feed endpoints in the FeedController class do not implement proper authorization checks. This allows any authenticated user to access all links, lists, and tags from all users in the system, regardless of their ownership or visibility settings.
Recommendations
Update to version 2.4.0 or later.
Exploit
Fix
Improper Access Control
Information Disclosure
Related Identifiers
Affected Products
Linkace