CVE-2025-55741
CVE-2025-55741 is a high-severity vulnerability with a CVSS 3.1 base score of 8.1. UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. In versions 0.3.0 and earlier, users without the Delete privilege for products cannot delete individual products through the standard endpoint, but can bypass that check by calling the mass-delete endpoint, which does not enforce the same privilege. The issue is fixed in version 0.3.1. EPSS estimates a 0.39% probability of exploitation in the next 30 days.
Description
UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. In versions 0.3.0 and earlier, users without the Delete privilege for products are, as expected, unable to delete individual products via the standard endpoint. However, the same users can bypass the intended access control by issuing requests to the mass-delete endpoint, which does not enforce the Delete privilege, allowing them to delete products without authorization. The result is unauthorized product deletion, with potential data loss and business disruption. The issue is fixed in version 0.3.1. No known workarounds exist.
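The bug class the description refers to, shown here as an added example in generic Laravel code rather than UnoPim's own: the single-item delete checks the caller's privilege, the bulk endpoint does not, and the fix is to apply the same check to every destructive route and pin it with a regression test. All names (ProductController, Product, the 'products.delete' ability, the 'indices' request field, User::hasPermission()) are hypothetical, not taken from UnoPim or the advisory.

```php
<?php
// Added example, not UnoPim's code. Hypothetical Laravel 10/11 skeleton that
// shows the advisory's pattern: per-endpoint authorization that one endpoint
// forgot. File-path comments mark where each piece would live.

// app/Http/Controllers/ProductController.php
namespace App\Http\Controllers;

use App\Models\Product;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Gate;

class ProductController extends Controller
{
    // Single delete: authorized, so a user without the privilege gets 403.
    public function destroy(Product $product): JsonResponse
    {
        Gate::authorize('products.delete'); // throws AuthorizationException -> 403
        $product->delete();

        return response()->json(['message' => 'Product deleted']);
    }

    // Vulnerable bulk delete: same destructive effect, no authorization.
    // Any authenticated user can POST {"indices": [1, 2, 3]} and remove them.
    public function massDestroyVulnerable(Request $request): JsonResponse
    {
        Product::whereIn('id', $request->input('indices', []))->delete();

        return response()->json(['message' => 'Products deleted']);
    }

    // Fixed bulk delete: the same check destroy() makes, plus input validation.
    public function massDestroy(Request $request): JsonResponse
    {
        Gate::authorize('products.delete');

        $data = $request->validate([
            'indices'   => ['required', 'array', 'min:1'],
            'indices.*' => ['integer', 'exists:products,id'],
        ]);

        $count = Product::whereIn('id', $data['indices'])->delete();

        return response()->json(['message' => "Deleted {$count} products"]);
    }
}

// app/Providers/AuthServiceProvider.php (inside boot()): the ability maps to
// the user's stored privilege; hasPermission() is assumed to exist on User.
// Gate::define('products.delete', fn (User $user) => $user->hasPermission('products.delete'));

// routes/web.php: enforce the ability at the route group as well, so a
// controller method that forgets Gate::authorize() cannot reopen the bypass.
use Illuminate\Support\Facades\Route;

Route::middleware(['auth', 'can:products.delete'])->group(function () {
    Route::delete('/products/{product}', [ProductController::class, 'destroy']);
    Route::post('/products/mass-destroy', [ProductController::class, 'massDestroy']);
});

// tests/Feature/ProductDeleteAuthorizationTest.php: the regression test that
// would have caught the bypass, treating every delete route identically.
namespace Tests\Feature;

use App\Models\Product;
use App\Models\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Tests\TestCase;

class ProductDeleteAuthorizationTest extends TestCase
{
    use RefreshDatabase;

    public function test_user_without_delete_privilege_is_refused_on_all_delete_routes(): void
    {
        $user = User::factory()->create();            // factory assumed to grant no privileges
        $products = Product::factory()->count(3)->create();

        $this->actingAs($user)
            ->deleteJson("/products/{$products[0]->id}")
            ->assertForbidden();

        $this->actingAs($user)
            ->postJson('/products/mass-destroy', ['indices' => $products->pluck('id')->all()])
            ->assertForbidden();

        $this->assertDatabaseCount('products', 3);    // nothing was deleted
    }
}
```

The design point is that authorization must be attached to the action (deleting products), not to one URL that happens to perform it; a second code path with the same effect needs the same gate, and a route-group middleware plus a test that walks all destructive routes keeps a later refactor from quietly dropping it.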
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H (base score 8.1, High)
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Webkul | Unopim | < 0.3.1 |
References
- https://github.com/unopim/unopim/security/advisories/GHSA-8p2f-fx4q-75cx (Exploit, Vendor Advisory)
Frequently Asked Questions
What is CVE-2025-55741?
An authorization bypass in UnoPim 0.3.0 and earlier. The single-product delete endpoint enforces the Delete privilege, but the mass-delete endpoint does not, so an authenticated user without that privilege can delete products anyway.
How severe is CVE-2025-55741?
High. CVSS 3.1 base score 8.1: network-reachable, low attack complexity, low privileges required, no user interaction, with high impact to integrity and availability and none to confidentiality. EPSS estimates a 0.39% probability of exploitation in the next 30 days.
How do I fix CVE-2025-55741?
Upgrade to UnoPim 0.3.1 or later. No workaround is known.
Source: NVD / NIST
