PT-2026-5944 · Decidim · Decidim
Published 2026-02-03 · Updated 2026-02-23 · CVE-2025-65017
CVSS v4.0: 8.2 (High)
Vector: AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
Decidim versions 0.30.0 through 0.30.3
Decidim versions 0.31.0.rc1 through 0.31.0.rc2
Description
Decidim, a participatory democracy framework, is affected by an issue where private data exports can lead to data leaks. This occurs due to UUID generation collisions, potentially exposing sensitive information.
Recommendations
Update to Decidim version 0.30.4 or later.
Update to Decidim version 0.31.0 or later.
Exploit
Fix
Information Disclosure
Related Identifiers
Affected Products
Decidim