Description

UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. In versions 0.3.0 and earlier, users without the Delete privilege for products are unable to delete individual products via the standard endpoint, as expected. However, these users can bypass intended access controls by issuing requests to the mass-delete endpoint, allowing them to delete products without proper authorization. This vulnerability allows unauthorized product deletion, leading to potential data loss and business disruption. The issue is fixed in version 0.3.1. No known workarounds exist.

INFO

Published Date :

2025-08-22T16:04:51.542Z

Last Modified :

2025-08-22T16:24:48.523Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-55741 vulnerability.

Vendors Products
Unopim
  • Unopim
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-55741.

URL Resource
https://github.com/unopim/unopim/commit/c14eebe653aafd8dc713ca729165177e63315989 cve-icon cve-icon
https://github.com/unopim/unopim/security/advisories/GHSA-8p2f-fx4q-75cx cve-icon cve-icon cve-icon
https://www.youtube.com/watch?v=J_WV8fCXlJM cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact