PT-2025-47510 · Rallly · Rallly

Published: 2025-11-19 · Updated: 2025-11-24 · CVE-2025-65033

CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Rallly versions prior to 4.5.4

Description: An authorization flaw exists in the poll management feature of Rallly. The pause and resume operations look up a poll by its pollId alone and never verify that the requesting user owns that poll. As a result, any authenticated user can pause or resume any poll, regardless of who created it. This can disrupt polls and compromise the application's integrity and availability.

Recommendations: Update to version 4.5.4 or later.
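The following is an added illustration of the flaw class described above, not Rallly's own code: a minimal in-memory model in which a pause/resume handler selects the poll by pollId only, next to the same handler with the missing ownership check. All names (Poll, Session, setPollPausedVulnerable, setPollPausedFixed) and the sample data are assumptions made for the example.

```typescript
// Hypothetical model of the authorization bug; not taken from Rallly.
type Poll = { id: string; ownerId: string; paused: boolean };
type Session = { userId: string };

// Constructed sample data: poll "p1" belongs to user "alice".
const polls = new Map<string, Poll>([
  ["p1", { id: "p1", ownerId: "alice", paused: false }],
]);

// Vulnerable shape: the session is only used to require a login. The pollId
// alone selects the record, and the write happens without comparing the
// caller to the poll's owner, so any authenticated user can flip the flag.
function setPollPausedVulnerable(session: Session, pollId: string, paused: boolean): Poll {
  if (!session.userId) throw new Error("unauthenticated");
  const poll = polls.get(pollId);
  if (!poll) throw new Error("not found");
  poll.paused = paused; // reached by every logged-in user
  return poll;
}

// Hardened shape: identical lookup, then an ownership check before the write.
// Using one error for "missing" and "not yours" also avoids confirming which
// pollIds exist to users who do not own them.
function setPollPausedFixed(session: Session, pollId: string, paused: boolean): Poll {
  if (!session.userId) throw new Error("unauthenticated");
  const poll = polls.get(pollId);
  if (!poll || poll.ownerId !== session.userId) throw new Error("forbidden");
  poll.paused = paused;
  return poll;
}
```

The fix is the comparison against the stored owner, not a change to how the poll is looked up; a server-side check of that kind is what the 4.5.4 update restores.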

Exploit

Fix

Weakness Enumeration

Improper Authorization
IDOR

Related Identifiers

CVE-2025-65033
GHSA-4P93-V53R-VCH3

Affected Products

Rallly