PT-2025-47502 · Rallly · Rallly

Published 2025-11-19 · Updated 2025-11-25 · CVE-2025-65021

CVSS v3.1: 9.1 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Rallly versions prior to 4.5.4

Description: An Insecure Direct Object Reference (IDOR) issue exists in the poll finalization feature of Rallly. An authenticated user can finalize a poll they do not own by manipulating the pollId parameter in the request. This allows unauthorized users to finalize other users' polls and convert them into events without authorization checks, potentially disrupting user workflows and causing data integrity and availability issues.

Recommendations: Update to version 4.5.4 or later.
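The missing check described above, as an added illustration that is not Rallly's code: a finalize handler that trusts pollId once the caller is authenticated, beside one that also verifies the caller owns the poll. The Poll type, the in-memory store and the function names are invented for this example.

```typescript
// Illustrative model of the IDOR class in the advisory (not Rallly's code).
type Poll = { id: string; ownerId: string; status: "open" | "finalized" };

// Constructed sample data: two users, each owning one open poll.
const polls: Map<string, Poll> = new Map();

function resetPolls(): void {
  polls.clear();
  polls.set("poll-a", { id: "poll-a", ownerId: "alice", status: "open" });
  polls.set("poll-b", { id: "poll-b", ownerId: "bob", status: "open" });
}
resetPolls();

// Vulnerable pattern: authentication is checked, but the pollId taken from
// the request is used directly, so any logged-in user can finalize any poll.
function finalizePollVulnerable(callerId: string, pollId: string): Poll {
  if (!callerId) throw new Error("unauthenticated");
  const poll = polls.get(pollId);
  if (!poll) throw new Error("not found");
  poll.status = "finalized"; // state change without an ownership check
  return poll;
}

// Hardened pattern: the poll must belong to the caller before any state
// change. Missing and not-owned polls return the same error so the endpoint
// does not reveal which poll ids exist.
function finalizePollFixed(callerId: string, pollId: string): Poll {
  if (!callerId) throw new Error("unauthenticated");
  const poll = polls.get(pollId);
  if (!poll || poll.ownerId !== callerId) throw new Error("not found");
  poll.status = "finalized";
  return poll;
}

function pollStatus(pollId: string): string | undefined {
  return polls.get(pollId)?.status;
}
```

Running `finalizePollVulnerable("bob", "poll-a")` finalizes alice's poll; `finalizePollFixed` with the same arguments throws and leaves it open.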

Exploit

Fix

Improper Authorization

IDOR

Missing Authorization

Weakness Enumeration

Related Identifiers

CVE-2025-65021
GHSA-X7W2-G548-4QG8

Affected Products

Rallly