Auth bypass in Eclipse Foundation Openvsx
CVE-2025-1007
In OpenVSX version v0.9.0 to v0.20.0, the /user/namespace/{namespace}/details API allows a user to edit all namespace details, even if the user is not a namespace Owner or Contributor. The details include: name, description, website, su…
EPSS: 0.004 (62.8th percentile) — read the EPSS interpretation.
Affected products
- Eclipse Foundation Openvsx — versions 0.9.0, 0.19.1