Medium severity5.3NVD Advisory· Published Feb 19, 2025· Updated Jun 17, 2026
CVE-2025-1007
CVE-2025-1007
Description
In OpenVSX version v0.9.0 to v0.20.0, the /user/namespace/{namespace}/details API allows a user to edit all namespace details, even if the user is not a namespace Owner or Contributor. The details include: name, description, website, support link and social media links. The same issues existed in /user/namespace/{namespace}/details/logo and allowed a user to change the logo.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: v0.9.0 to v0.20.0
- Eclipse Foundation/OpenVSXv5Range: 0.9.0
Patches
Vulnerability mechanics
References
1- github.com/eclipse/openvsx/security/advisories/GHSA-wc7c-xq2f-qp4hnvdExploitVendor Advisory
News mentions
0No linked articles in our index yet.