Medium severity5.3NVD Advisory· Published Oct 27, 2025· Updated Apr 15, 2026

CVE-2023-37749

Description

Incorrect access control in the REST API endpoint of HubSpot v1.29441 allows unauthenticated attackers to view users' data without proper authorization.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

app.hubspot.com/api/external-options/v2/pagedFetch/0-1/OWNERnvd
gist.github.com/0xDBJ/28072f7eea42571d5b4ebaabdcb21ccenvd
owasp.org/Top10/A01_2021-Broken_Access_Control/nvd

News mentions

No linked articles in our index yet.

cvss	0.345
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000