EUVD-2025-198311

ID: EUVD-2025-198311

Severity: medium

CVSS v4: 5.3 (CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N)

CVSS v3: Not provided

CWE: None listed

Source: ENISA

Description

SOPlanning is vulnerable to Broken Access Control in /status endpoint. Due to lack of permission checks in Project Status functionality an authenticated attacker is able to add, edit and delete any status. This issue was fixed in version 1.55.

Timestamps

Normalized: 2025-12-31T11:32:40Z UTC
Last updated: 2025-12-31T11:31:54Z UTC

References

No references provided.

VulnAI

EUVD-2025-198311

Description

Timestamps

References