What is CVE-2025-65033?

CVE-2025-65033 is a high-severity vulnerability in Lukevella Rallly, classified under Improper Authorization. CVSS score: 8.1/10. Published 2025-11-19.

How severe is CVE-2025-65033?

High severity. CVSS v3 base score is 8.1 out of 10.

Auth bypass in Lukevella Rallly

CVE-2025-65033

Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an authorization flaw in the poll management feature allows any authenticated user to pause or resume any poll, regardless of ownership. The system only us…

EPSS: 0.001 (18.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.1 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H.

Affected products

Lukevella Rallly — versions < 4.5.4

Weakness classification (CWE)

References

https://github.com/lukevella/rallly/security/advisories/GHSA-4p93-v53r-vch3 (x_refsource_CONFIRM)
https://github.com/lukevella/rallly/releases/tag/v4.5.4 (x_refsource_MISC)

Frequently asked questions

What is CVE-2025-65033?: CVE-2025-65033 is a high-severity vulnerability in Lukevella Rallly, classified under Improper Authorization. CVSS score: 8.1/10. Published 2025-11-19.
How severe is CVE-2025-65033?: High severity. CVSS v3 base score is 8.1 out of 10.