CVE-2025-67796

Name of the Vulnerable Software and Affected Versions IKUS Rdiffweb versions prior to 2.10.6

Description An improper authorization flaw exists where the API fails to enforce binding between the authenticated subject and the targeted user or tenant. This allows an attacker possessing any valid or stolen access token to impersonate other users, potentially enabling cross-tenant access to read or modify data and perform privileged actions.

Recommendations Update to version 2.10.6.