Overview
CVE-2025-65032 describes an Insecure Direct Object Reference (IDOR) vulnerability in Rallly, an open-source scheduling and collaboration tool. The flaw, present in versions prior to 4.5.4, allowed any authenticated user to modify the display names of other participants in a poll, even if that user was neither an administrator nor the poll's owner. By manipulating the participantId parameter in a rename request, a malicious user could cause confusion, compromise data integrity, or impersonate other participants.
Technical Details
The vulnerability resides in the lack of an authorization check when processing requests to rename participants in a poll. The application did not verify that the user initiating the rename request had permission to modify the target participant's details. An attacker could therefore intercept a legitimate rename request, change the participantId to that of another user, and resubmit it; the server, lacking the appropriate validation, would update the victim's display name.
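The following added example (not Rallly's code) models the missing check described above as a vulnerable handler beside its hardened form; the types, field names and in-memory store are assumptions standing in for the application's real schema.

```typescript
// Added example, not Rallly's code: models the missing authorization check behind
// CVE-2025-65032. Types, field names and the in-memory store are assumptions.
interface Session { userId: string; isAdmin: boolean }
interface Poll { id: string; ownerId: string }
interface Participant { id: string; pollId: string; name: string; userId: string | null }
interface Store { polls: Poll[]; participants: Participant[] }
interface RenameRequest { pollId: string; participantId: string; name: string }

class ForbiddenError extends Error {}

// Constructed sample data: alice owns poll-1; bob is an ordinary participant.
function makeStore(): Store {
  return {
    polls: [{ id: "poll-1", ownerId: "alice" }],
    participants: [
      { id: "p-1", pollId: "poll-1", name: "Alice", userId: "alice" },
      { id: "p-2", pollId: "poll-1", name: "Bob", userId: "bob" },
    ],
  };
}

// Vulnerable shape (the pre-4.5.4 behaviour described above): the handler only
// requires a logged-in session, then trusts participantId from the request body.
function renameParticipantVulnerable(store: Store, session: Session, req: RenameRequest): Participant {
  if (!session.userId) throw new ForbiddenError("login required");
  const p = store.participants.find((x) => x.id === req.participantId);
  if (!p) throw new Error("participant not found");
  p.name = req.name; // no check that session.userId may touch this participant
  return p;
}

// Hardened shape: authorization is decided against the *target* object.
// Admins, the poll owner, or the participant's own user may rename it.
function canRenameParticipant(session: Session, poll: Poll, p: Participant): boolean {
  return session.isAdmin || poll.ownerId === session.userId || p.userId === session.userId;
}

function renameParticipant(store: Store, session: Session, req: RenameRequest): Participant {
  if (!session.userId) throw new ForbiddenError("login required");
  const poll = store.polls.find((x) => x.id === req.pollId);
  // Scope the lookup to the poll named in the request so an id from another poll is unreachable.
  const p = store.participants.find((x) => x.id === req.participantId && x.pollId === req.pollId);
  if (!poll || !p) throw new Error("participant not found");
  if (!canRenameParticipant(session, poll, p)) throw new ForbiddenError("not allowed to rename this participant");
  p.name = req.name;
  return p;
}
```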
CVSS Analysis
The Common Vulnerability Scoring System (CVSS) assigns CVE-2025-65032 a score of 6.5 (Medium). This score reflects the potential impact of the vulnerability, which includes data integrity violations and possible impersonation. The attack vector is network-based, and exploitation requires authentication. The impact on confidentiality is low, on integrity low, and on availability none.
Possible Impact
The successful exploitation of this vulnerability could have several negative consequences:
- Data Integrity Violation: Incorrect display names can lead to confusion and inaccuracies in poll results.
- Impersonation Attacks: An attacker could change the name of a participant to impersonate them, potentially leading to social engineering or other malicious activities.
- Loss of Trust: Users may lose trust in the platform if they discover that their display names can be altered by unauthorized individuals.
Mitigation or Patch Steps
The vulnerability has been addressed in Rallly version 4.5.4. It is highly recommended that all users of Rallly upgrade to version 4.5.4 or later as soon as possible. This update includes the necessary authorization checks to prevent unauthorized modification of participant display names.
If immediate upgrading is not possible, consider implementing temporary mitigation measures, such as restricting access to the Rallly instance or closely monitoring user activity for any suspicious behavior.