PT-2025-47508 · Rallly · Rallly

Published

2025-11-19

·

Updated

2025-11-25

·

CVE-2025-65031

CVSS v3.1

6.5

Medium

Vector AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Rallly versions prior to 4.5.4

Description
Rallly, an open-source scheduling and collaboration tool, contains an improper authorization flaw in comment creation. The comment-creation API accepts an authorName field from the request body and attributes the new comment to that name instead of to the authenticated caller. Any authenticated user can therefore post comments that appear to come from an arbitrary user, including one with administrative privileges, which can be used for phishing or social engineering of other poll participants.

Recommendations
Update to version 4.5.4 or later.
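The following is an added illustration, not code from Rallly or from the advisory. It models the flaw in a minimal TypeScript comment-creation handler (Rallly is a TypeScript project, but the session shape, store and function names here are assumptions), shows the hardened form that derives the author from the server-side session, and includes a post-fix check for already-stored comments whose author name does not match the account that posted them.

```typescript
// Added example (not Rallly's code). Session and store shapes are assumptions.

interface Session {
  userId: string;
  name: string; // account display name, known only server-side
}

interface CreateCommentInput {
  pollId: string;
  content: string;
  authorName?: string; // client-controlled field; the flaw is trusting it
}

interface StoredComment {
  pollId: string;
  content: string;
  authorName: string;
  userId: string;
}

const store: StoredComment[] = [];

function requireUser(session: Session | null): Session {
  if (!session) throw new Error("UNAUTHORIZED");
  return session;
}

function validateContent(content: string): string {
  const trimmed = content.trim();
  if (trimmed.length === 0 || trimmed.length > 2000) throw new Error("BAD_REQUEST");
  return trimmed;
}

// Vulnerable shape: the caller is authenticated, but the comment is attributed
// to whatever authorName the request body carries.
function createCommentVulnerable(session: Session | null, input: CreateCommentInput): StoredComment {
  const user = requireUser(session);
  const comment: StoredComment = {
    pollId: input.pollId,
    content: validateContent(input.content),
    authorName: input.authorName ?? user.name, // attacker-controlled
    userId: user.userId,
  };
  store.push(comment);
  return comment;
}

// Hardened shape: the author identity comes from the session only; a supplied
// authorName is ignored (ideally the input schema does not accept it at all).
function createCommentFixed(session: Session | null, input: CreateCommentInput): StoredComment {
  const user = requireUser(session);
  const comment: StoredComment = {
    pollId: input.pollId,
    content: validateContent(input.content),
    authorName: user.name,
    userId: user.userId,
  };
  store.push(comment);
  return comment;
}

// Post-incident check: flag stored comments whose authorName differs from the
// account name recorded for their userId (assumes userId was persisted).
function findSpoofedComments(accounts: Record<string, string>): StoredComment[] {
  return store.filter(
    (c) => accounts[c.userId] !== undefined && accounts[c.userId] !== c.authorName,
  );
}

// Constructed scenario: Mallory is any signed-in user; the body claims to be the admin.
function demonstrate(): { vulnerable: string; fixed: string; spoofed: number } {
  store.length = 0;
  const mallory: Session = { userId: "user_2", name: "Mallory" };
  const body: CreateCommentInput = {
    pollId: "poll_1",
    content: "Please reply with your password to confirm attendance.",
    authorName: "Alice (admin)",
  };
  const vulnerable = createCommentVulnerable(mallory, body).authorName;
  const fixed = createCommentFixed(mallory, body).authorName;
  const spoofed = findSpoofedComments({ user_2: "Mallory" }).length;
  return { vulnerable, fixed, spoofed };
}

console.log(demonstrate());
```

The hardened handler does not validate or reject a mismatched authorName; it simply never reads it, which is the safer default because a reject-on-mismatch check still leaves the field in the contract and invites regressions. The spoofed-comment scan only works where the posting account's id was stored alongside the display name.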

Exploit

Fix

Weakness Enumeration

Improper Authorization

IDOR

Related Identifiers

CVE-2025-65031
GHSA-HHFC-6GQ7-RRPM

Affected Products

Rallly