Vulnerability Description
Decidim is a participatory democracy framework. In versions from 0.30.0 before 0.30.4 and from 0.31.0.rc1 before 0.31.0, the private data exports can leak data when UUID generation produces collisions among the generated UUIDs, so one user's export identifier can coincide with another's. This issue has been patched in versions 0.30.4 and 0.31.0.
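The advisory does not say how the affected versions generated their export UUIDs, only that collisions were possible. The following Ruby script is an added illustration, not Decidim's code, of why a collision in an export identifier matters and how a defender can check for it: it contrasts a hypothetical low-entropy generator (assumed for illustration, seeded from a coarse timestamp) with `SecureRandom.uuid`, counts duplicates over a batch of identifiers, and validates that an identifier has RFC 4122 version-4 shape before it is used to name or look up an export.

```ruby
require 'securerandom'
require 'set'

# Hypothetical low-entropy generator (constructed for illustration; NOT Decidim's
# implementation). Seeding a PRNG from a whole-second timestamp means two exports
# started in the same second receive the same "UUID", i.e. a collision.
def weak_export_uuid(now = Time.now)
  rng = Random.new(now.to_i)
  hex = rng.bytes(16).unpack1('H*')
  format('%s-%s-%s-%s-%s', hex[0, 8], hex[8, 4], hex[12, 4], hex[16, 4], hex[20, 12])
end

# Sound generator: 122 bits of CSPRNG-backed entropy per identifier, so collisions
# are not a practical concern.
def strong_export_uuid
  SecureRandom.uuid
end

# Generate `count` identifiers with the supplied block and report how many repeat.
# A non-zero duplicate count means distinct exports could share an identifier.
def collision_report(count)
  seen = Set.new
  duplicates = 0
  count.times do
    id = yield
    duplicates += 1 unless seen.add?(id)
  end
  { generated: count, unique: seen.size, duplicates: duplicates }
end

# Shape check for RFC 4122 version-4 UUIDs: version nibble "4", variant nibble 8-b.
UUID_V4 = /\A[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}\z/.freeze

def valid_v4_uuid?(id)
  UUID_V4.match?(id)
end

if __FILE__ == $PROGRAM_NAME
  same_second = Time.at(1_700_000_000) # constructed: exports started in one second
  p collision_report(1000) { weak_export_uuid(same_second) }
  p collision_report(1000) { strong_export_uuid }
end
```

The report for the weak generator shows every identifier after the first repeating, which is the condition under which one user's export could resolve to another's; the `SecureRandom` path shows none. The shape check is a cheap guard to apply where an export identifier is accepted from a request, so a malformed or short identifier is rejected before any lookup.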
CVSS Score
6.5 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Decidim | Decidim | >= 0.30.0, < 0.30.4 |
| Decidim | Decidim | >= 0.31.0.rc1, < 0.31.0 |
Related Weaknesses (CWE)
References
- https://github.com/decidim/decidim/pull/13571 (Issue Tracking, Patch)
- https://github.com/decidim/decidim/releases/tag/v0.30.4 (Release Notes)
- https://github.com/decidim/decidim/releases/tag/v0.31.0 (Release Notes)
- https://github.com/decidim/decidim/security/advisories/GHSA-3cx6-j9j4-54mp (Vendor Advisory)
FAQ
What is CVE-2025-65017?
CVE-2025-65017 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Decidim is a participatory democracy framework. In versions from 0.30.0 to before 0.30.4 and from 0.31.0.rc1 to before 0.31.0, the private data exports can lead to data leaks in case the UUID generati...
How severe is CVE-2025-65017?
CVE-2025-65017 has been rated MEDIUM with a CVSS base score of 6.5/10. See the CVSS Score section above.
Is there a patch for CVE-2025-65017?
Yes. Versions 0.30.4 and 0.31.0 contain the fix; see the references section above for the vendor advisory and the patch. Affected product: Decidim (vendor: Decidim).