Vulnerability Description
Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an improper authorization vulnerability allows any authenticated user to reopen finalized polls belonging to other users by manipulating the pollId parameter. This can disrupt events managed by other users and compromise both availability and integrity of poll data. This issue has been patched in version 4.5.4.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Rallly | Rallly | < 4.5.4 |
Related Weaknesses (CWE)
References
- https://github.com/lukevella/rallly/releases/tag/v4.5.4Release Notes
- https://github.com/lukevella/rallly/security/advisories/GHSA-5fp2-pv2j-rqpcExploitVendor Advisory
- https://github.com/lukevella/rallly/security/advisories/GHSA-5fp2-pv2j-rqpcExploitVendor Advisory
FAQ
What is CVE-2025-65034?
CVE-2025-65034 is a vulnerability with a CVSS score of 8.1 (HIGH). Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an improper authorization vulnerability allows any authenticated user to reopen finalized polls belonging to other u...
How severe is CVE-2025-65034?
CVE-2025-65034 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-65034?
Check the references section above for vendor advisories and patch information. Affected products include: Rallly Rallly.