CVE 8.8 HIGH

OneUptime Unauthorized User Creation via API_CVE-2025-65966

November 26, 2025 invoker category_cve

8.8 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

Description

OneUptime is a solution for monitoring and managing online services. In version 9.0.5598, a low-permission user can create new accounts through a direct API request instead of being restricted to the intended interface. This issue has been patched in version 9.1.0.

AI Analysis

Unauthorized user creation via API in OneUptime version 9.0.5598

Basic Information

ID CVE-2025-65966

Source GitHub_M

Published Nov 26, 2025 at 18:10

Modified Nov 26, 2025 at 18:41

Affected Product

Vendor OneUptime

Product oneuptime

Version = 9.0.5598

Affected Versions OneUptime oneuptime = 9.0.5598

CWE Classification

CWE-285

AI Assessment

AI Score 8.8 / 10

AI Severity High

Vendor OneUptime

Product oneuptime

Version 9.0.5598

References

github.com /OneUptime/oneuptime/security/advisories/GHSA-m449-vh5f-574g

{
    "lastseen": "",
    "description": "OneUptime is a solution for monitoring and managing online services. In version 9.0.5598, a low-permission user can create new accounts through a direct API request instead of being restricted to the intended interface. This issue has been patched in version 9.1.0.",
    "published": "2025-11-26T18:10:16.460Z",
    "modified": "2025-11-26T18:41:53.120Z",
    "type": "cve",
    "title": "OneUptime Unauthorized User Creation via API",
    "source": "GitHub_M",
    "references": "https://github.com/OneUptime/oneuptime/security/advisories/GHSA-m449-vh5f-574g",
    "id": "CVE-2025-65966",
    "bulletinFamily": "",
    "cwe": [
        "CWE-285"
    ],
    "cvelist": null,
    "sourceData": "OneUptime oneuptime = 9.0.5598",
    "sourceHref": "",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "oneuptime",
    "version": "= 9.0.5598",
    "vendor": "OneUptime",
    "ai_description": "Unauthorized user creation via API in OneUptime version 9.0.5598",
    "ai_severity": "High",
    "ai_vendor": "OneUptime",
    "ai_product": "oneuptime",
    "ai_version": "9.0.5598",
    "ai_score": 8.8
}

💭 Join the Security Discussion ❌ Cancel Reply