CVE-2025-55741

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-55741

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-55741.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-55741

Aliases

GHSA-8p2f-fx4q-75cx

Related

GHSA-8p2f-fx4q-75cx

Published

2025-08-22T16:15:46Z

Modified

2025-08-26T18:01:53.052176Z

Summary

[none]

Details

UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. In versions 0.3.0 and earlier, users without the Delete privilege for products are unable to delete individual products via the standard endpoint, as expected. However, these users can bypass intended access controls by issuing requests to the mass-delete endpoint, allowing them to delete products without proper authorization. This vulnerability allows unauthorized product deletion, leading to potential data loss and business disruption. The issue is fixed in version 0.3.1. No known workarounds exist.

References

Affected packages

Git / github.com/unopim/unopim

Affected ranges

Type: GIT
Repo: https://github.com/unopim/unopim
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

c14eebe653aafd8dc713ca729165177e63315989

Affected versions

v0.*

v0.1.0

v0.1.1

v0.1.2

v0.1.3

v0.1.4

v0.1.5

v0.1.6

v0.2.0

v0.3.0