CVE-2025-65112

CVSS v3.1

9.4

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

Name of the Vulnerable Software and Affected Versions PubNet versions prior to 1.1.3

Description PubNet is a self-hosted Dart & Flutter package service. The

/api/storage/upload

endpoint allows unauthenticated users to upload packages as any user by providing arbitrary

author-id

values. This enables identity spoofing, privilege escalation, and supply chain attacks.

Recommendations Update to version 1.1.3 or later.

Fix

Missing Authentication

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

CVE-2025-65112

Pubnet