What is CVE-2025-65030?

CVE-2025-65030 is a high-severity vulnerability in Lukevella Rallly, classified under Improper Authorization. CVSS score: 7.1/10. Published 2025-11-19.

How severe is CVE-2025-65030?

High severity. CVSS v3 base score is 7.1 out of 10.

Auth bypass in Lukevella Rallly

CVE-2025-65030

Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an authorization flaw in the comment deletion API allows any authenticated user to delete comments belonging to other users, including poll owners and admi…

EPSS: 0.001 (18.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.1 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L.

Affected products

Lukevella Rallly — versions < 4.5.4

Weakness classification (CWE)

References

https://github.com/lukevella/rallly/security/advisories/GHSA-4j32-25f9-qgfm (x_refsource_CONFIRM)
https://github.com/lukevella/rallly/releases/tag/v4.5.4 (x_refsource_MISC)

Frequently asked questions

What is CVE-2025-65030?: CVE-2025-65030 is a high-severity vulnerability in Lukevella Rallly, classified under Improper Authorization. CVSS score: 7.1/10. Published 2025-11-19.
How severe is CVE-2025-65030?: High severity. CVSS v3 base score is 7.1 out of 10.