Landlord Onboarding & Rental Signup Unauthorized Access Vulnerability in TurboTenant...

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

Landlord Onboarding & Rental Signup introduces the landlord onboarding workflow and rental signup system for VivaTurbo Rentals & Property Services. In 2.0.0 and earlier, a vulnerability was identified in the TurboTenant property listing activation workflow that could allow unauthorized access to certain Stripe payment session data. This could potentially expose sensitive business metadata, including landlord dashboard sync details and tenant information. The issue affects the API endpoints handling the property listing activation, subscription metadata, and payment link generation.

AI Analysis

Unauthorized access to Stripe payment session data due to a vulnerability in the TurboTenant property listing activation workflow

Basic Information

ID CVE-2025-62516

Source GitHub_M

Published Oct 27, 2025 at 19:46

Modified Oct 27, 2025 at 19:58

Affected Product

Vendor turbo-tenant-internal-property

Product landlord-onboard-rental-signup

Version <= 2.0.0

Affected Versions turbo-tenant-internal-property landlord-onboard-rental-signup <= 2.0.0

CWE Classification

CWE-200

AI Assessment

AI Score 9.8 / 10

AI Severity Critical

Vendor TurboTenant

Product Landlord Onboarding & Rental Signup

Version 2.0.0

References

github.com /turbo-tenant-internal-property/www.turbotenant.com/security/advisories/GHSA-43cm-q3mv-2hvj

{
    "lastseen": "",
    "description": "Landlord Onboarding & Rental Signup introduces the landlord onboarding workflow and rental signup system for VivaTurbo Rentals & Property Services. In 2.0.0 and earlier, a vulnerability was identified in the TurboTenant property listing activation workflow that could allow unauthorized access to certain Stripe payment session data. This could potentially expose sensitive business metadata, including landlord dashboard sync details and tenant information. The issue affects the API endpoints handling the property listing activation, subscription metadata, and payment link generation.",
    "published": "2025-10-27T19:46:32.122Z",
    "modified": "2025-10-27T19:58:22.992Z",
    "type": "cve",
    "title": "Landlord Onboarding & Rental Signup Unauthorized Access Vulnerability in TurboTenant Stripe Integration",
    "source": "GitHub_M",
    "references": "https://github.com/turbo-tenant-internal-property/www.turbotenant.com/security/advisories/GHSA-43cm-q3mv-2hvj",
    "id": "CVE-2025-62516",
    "bulletinFamily": "",
    "cwe": [
        "CWE-200"
    ],
    "cvelist": null,
    "sourceData": "turbo-tenant-internal-property landlord-onboard-rental-signup <= 2.0.0",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "landlord-onboard-rental-signup",
    "version": "<= 2.0.0",
    "vendor": "turbo-tenant-internal-property",
    "ai_description": "Unauthorized access to Stripe payment session data due to a vulnerability in the TurboTenant property listing activation workflow",
    "ai_severity": "Critical",
    "ai_vendor": "TurboTenant",
    "ai_product": "Landlord Onboarding & Rental Signup",
    "ai_version": "2.0.0",
    "ai_score": 9.8
}

Landlord Onboarding & Rental Signup Unauthorized Access Vulnerability in TurboTenant Stripe Integration_CVE-2025-62516