Unrated severityNVD Advisory· Published Sep 24, 2025· Updated Sep 24, 2025

Horilla Unauthorized Access to Candidate Resume Files Due to Broken Access Control

CVE-2025-48869

Description

Horilla is a free and open source Human Resource Management System (HRMS). Unauthenticated users can access uploaded resume files in Horilla 1.3.0 by directly guessing or predicting file URLs. These files are stored in a publicly accessible directory, allowing attackers to retrieve sensitive candidate information without authentication. At time of publication there is no known patch.

Affected products

Horilla Opensource/Horillav5
Range: = 1.3.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/horilla-opensource/horilla/security/advisories/GHSA-99h5-x29f-727wmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000