Insecure direct object reference_CVE-2025-14881

3.8 / 10

LOW

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:U

Description

Multiple API endpoints allowed access to sensitive files from other users by knowing the UUID of the file that were not intended to be accessible by UUID only.

Basic Information

ID CVE-2025-14881

Source rami.io

Published Dec 19, 2025 at 12:24

Affected Product

Vendor pretix

Product pretix

Version 1.0.0

Affected Versions pretix pretix 1.0.0
pretix pretix 2025.8.0
pretix pretix 2025.9.0
pretix pretix 2025.10.0

CWE Classification

CWE-639

References

pretix.eu /about/en/blog/20251218-release-2025-10-1/

{
    "lastseen": "",
    "description": "Multiple API endpoints allowed access to sensitive files from other users by knowing the UUID of the file that were not intended to be accessible by UUID only.",
    "published": "2025-12-19T12:24:10.523Z",
    "modified": "2025-12-19T12:24:10.523Z",
    "type": "cve",
    "title": "Insecure direct object reference",
    "source": "rami.io",
    "references": "https://pretix.eu/about/en/blog/20251218-release-2025-10-1/",
    "id": "CVE-2025-14881",
    "bulletinFamily": "",
    "cwe": [
        "CWE-639"
    ],
    "cvelist": null,
    "sourceData": "pretix pretix 1.0.0\npretix pretix 2025.8.0\npretix pretix 2025.9.0\npretix pretix 2025.10.0",
    "sourceHref": "",
    "cvss": {
        "score": 3.8,
        "severity": "LOW",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:U",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "pretix",
    "version": "1.0.0",
    "vendor": "pretix",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}