What is CVE-2025-48070?

CVE-2025-48070 is a low-severity vulnerability in Makeplane Plane, classified under Incorrect Default Permissions. CVSS score: 3.5/10. Published 2025-05-21.

How severe is CVE-2025-48070?

Low severity. CVSS v3 base score is 3.5 out of 10.

Vulnerability in Makeplane Plane

CVE-2025-48070

Plane is open-source project management software. Versions prior to 0.23 have insecure permissions in UserSerializer that allows users to change fields that are meant to be read-only, such as email. This can lead to account takeover when c…

EPSS: 0.001 (33.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 3.5 (Low). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N.

Affected products

Makeplane Plane — versions < 0.23

Weakness classification (CWE)

CWE-276 — Incorrect Default Permissions

References

https://github.com/makeplane/plane/security/advisories/GHSA-cjh4-q763-cc48 (x_refsource_CONFIRM)
https://github.com/makeplane/plane/commit/0a8cc24da505fd519fcc3c9d6b5e15bc7ce21b29 (x_refsource_MISC)

Frequently asked questions

What is CVE-2025-48070?: CVE-2025-48070 is a low-severity vulnerability in Makeplane Plane, classified under Incorrect Default Permissions. CVSS score: 3.5/10. Published 2025-05-21.
How severe is CVE-2025-48070?: Low severity. CVSS v3 base score is 3.5 out of 10.