Description

Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an authorization flaw in the poll management feature allows any authenticated user to pause or resume any poll, regardless of ownership. The system only uses the public pollId to identify polls, and it does not verify whether the user performing the action is the poll owner. As a result, any user can disrupt polls created by others, leading to a loss of integrity and availability across the application. This issue has been patched in version 4.5.4.

INFO

Published Date :

2025-11-19T17:26:44.807Z

Last Modified :

2025-11-19T20:03:45.344Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-65033 vulnerability.

Vendors Products
Rallly
  • Rallly
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-65033.

URL Resource
https://github.com/lukevella/rallly/releases/tag/v4.5.4 cve-icon cve-icon
https://github.com/lukevella/rallly/security/advisories/GHSA-4p93-v53r-vch3 cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact