What is CVE-2025-65031?

CVE-2025-65031 is a medium-severity vulnerability in Lukevella Rallly, classified under Improper Authorization. CVSS score: 6.5/10. Published 2025-11-19.

How severe is CVE-2025-65031?

Medium severity. CVSS v3 base score is 6.5 out of 10.

Auth bypass in Lukevella Rallly

CVE-2025-65031

Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an improper authorization flaw in the comment creation endpoint allows authenticated users to impersonate any other user by altering the authorName field i…

EPSS: 0.000 (11.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N.

Affected products

Lukevella Rallly — versions < 4.5.4

Weakness classification (CWE)

References

https://github.com/lukevella/rallly/security/advisories/GHSA-hhfc-6gq7-rrpm (x_refsource_CONFIRM)
https://github.com/lukevella/rallly/releases/tag/v4.5.4 (x_refsource_MISC)

Frequently asked questions

What is CVE-2025-65031?: CVE-2025-65031 is a medium-severity vulnerability in Lukevella Rallly, classified under Improper Authorization. CVSS score: 6.5/10. Published 2025-11-19.
How severe is CVE-2025-65031?: Medium severity. CVSS v3 base score is 6.5 out of 10.