CVE-2025-65034 · HIGH 8.1 · EPSS percentile 20.4%

CVE-2025-65034

Description

Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an improper authorization vulnerability allows any authenticated user to reopen finalized polls belonging to other users by manipulating the pollId parameter. This can disrupt events managed by other users and compromise both availability and integrity of poll data. This issue has been patched in version 4.5.4.

Scoring

CVSS 3.1: 8.1 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
EPSS: 0.29% probability of exploitation · percentile 20.4% · 2026-06-19T12:03:05Z
Published: 2025-11-19
Last modified: 2025-11-24

Underlying weaknesses (1)

CWE-639: Authorization Bypass Through User-Controlled Key

References

  1. https://github.com/lukevella/rallly/releases/tag/v4.5.4
  2. https://github.com/lukevella/rallly/security/advisories/GHSA-5fp2-pv2j-rqpc

Type      Target                                                      Confidence  Tier
Weakness  Authorization Bypass Through User-Controlled Key (CWE-639)  0%          live

Related by meaning (6)

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-65033
  2. CVE-2025-65021
  3. CVE-2025-65029
  4. CVE-2025-47781
  5. CVE-2025-47545
  6. CVE-2025-24577
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.