CVE-2025-62721

High CVSS: 7.1

LinkAce is a self-hosted archive to collect website links. In versions 2.3.1 and below, authenticated RSS feed endpoints in the FeedController class fail to implement proper authorization checks, allowing any authenticated user to access all links, lists, and tags from all users in the system, regardless of their ownership or visibility settings. This issue is fixed in version 2.4.0.

Vendor

Linkace

Product

Linkace

CWE

CWE-200

Yayın Tarihi

2025-11-04 22:16:39

Güncelleme

2025-11-10 19:56:06

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-200 Linkace HIGH Linkace 2025

Referanslar

https://github.com/Kovah/LinkAce/commit/1fef32694cee2bd80892fb478416be9364c3fddd https://github.com/Kovah/LinkAce/releases/tag/v2.4.0 https://github.com/Kovah/LinkAce/security/advisories/GHSA-47g2-qw6q-cr96 https://github.com/Kovah/LinkAce/security/advisories/GHSA-47g2-qw6q-cr96

Benzer Kayıtlar

High

CVE-2026-33953

LinkAce is a self-hosted archive to collect website links. Versions prior to 2.5.3 block direct requests to private IP l…

Medium

CVE-2026-33954

LinkAce is a self-hosted archive to collect website links. In versions prior to 2.5.3, a private note attached to a non-…

High

CVE-2026-30953

LinkAce is a self-hosted archive to collect website links. When a user creates a link via POST /links, the server fetche…

Medium

CVE-2026-30954

LinkAce is a self-hosted archive to collect website links. In 2.1.0 and earlier, the processTaxonomy() method in LinkRep…

High

CVE-2026-27458

LinkAce is a self-hosted archive to collect website links. Versions 2.4.2 and below have a Stored Cross-site Scripting v…

High

CVE-2025-62722

LinkAce is a self-hosted archive to collect website links. In versions 2.3.1 and below, the social media sharing functio…