What the vulnerability does
01Description
Improper Access Control in GitHub repository ikus060/rdiffweb prior to 2.5.5.
CVSS base score
8.4/10
CVSS vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Key dates
02Disclosure timeline
December 23, 2022
CVE published
April 9, 2025
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2025-65097 Insecure Direct Object Reference (IDOR) Allows Unauthorized Deletion of User Collections
CVE-2022-39894
CVE-2024-0212 Cloudflare WordPress plugin enables information disclosure of Cloudflare API (for low privileged users)
CVE-2025-2551 D-Link DIR-618/DIR-605L formSetPortTr access control
CVE-2024-11483 Automation-gateway: aap-gateway: improper scope handling in oauth2 tokens for aap 2.5
