CVE-2025-65030 — HIGH (7.1)

Q: How severe is CVE-2025-65030?

CVE-2025-65030 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2025-65030?

Check the references section above for vendor advisories and patch information. Affected products include: Rallly Rallly.

Vulnerability Description

Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an authorization flaw in the comment deletion API allows any authenticated user to delete comments belonging to other users, including poll owners and administrators. The endpoint relies solely on the comment ID for deletion and does not validate whether the requesting user owns the comment or has permission to remove it. This issue has been patched in version 4.5.4.

CVSS Score

7.1

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

LOW

Affected Products

Vendor	Product	Versions
Rallly	Rallly	< 4.5.4

Related Weaknesses (CWE)

CWE-639 CWE-285

References

https://github.com/lukevella/rallly/releases/tag/v4.5.4Release Notes
https://github.com/lukevella/rallly/security/advisories/GHSA-4j32-25f9-qgfmExploitVendor Advisory

FAQ

What is CVE-2025-65030?

CVE-2025-65030 is a vulnerability with a CVSS score of 7.1 (HIGH). Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an authorization flaw in the comment deletion API allows any authenticated user to delete comments belonging to othe...

How severe is CVE-2025-65030?

CVE-2025-65030 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-65030?

Check the references section above for vendor advisories and patch information. Affected products include: Rallly Rallly.