What is CVE-2025-48869?

CVE-2025-48869 is a high-severity vulnerability in Horilla-opensource Horilla, classified under Improper Access Control. CVSS score: 7.5/10. Published 2025-09-24.

How severe is CVE-2025-48869?

High severity. CVSS v3 base score is 7.5 out of 10.

Is CVE-2025-48869 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Horilla-opensource Horilla

CVE-2025-48869

Horilla is a free and open source Human Resource Management System (HRMS). Unauthenticated users can access uploaded resume files in Horilla 1.3.0 by directly guessing or predicting file URLs. These files are stored in a publicly accessibl…

EPSS: 0.001 (28.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.

Affected products

Horilla-opensource Horilla — versions = 1.3.0

Weakness classification (CWE)

CWE-284 — Improper Access Control

Public proof-of-concept exploits

fkie-cad/nvd-json-data-feeds

References

https://github.com/horilla-opensource/horilla/security/advisories/GHSA-99h5-x29f-727w (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2025-48869?: CVE-2025-48869 is a high-severity vulnerability in Horilla-opensource Horilla, classified under Improper Access Control. CVSS score: 7.5/10. Published 2025-09-24.
How severe is CVE-2025-48869?: High severity. CVSS v3 base score is 7.5 out of 10.
Is CVE-2025-48869 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.