Unrated severityNVD Advisory· Published Nov 4, 2025· Updated Nov 5, 2025
LinkAce: Authorization Bypass Allows Unauthorized Access to All Private Links, Lists, and Tags
CVE-2025-62721
Description
LinkAce is a self-hosted archive to collect website links. In versions 2.3.1 and below, authenticated RSS feed endpoints in the FeedController class fail to implement proper authorization checks, allowing any authenticated user to access all links, lists, and tags from all users in the system, regardless of their ownership or visibility settings. This issue is fixed in version 2.4.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
3- github.com/Kovah/LinkAce/commit/1fef32694cee2bd80892fb478416be9364c3fdddmitrex_refsource_MISC
- github.com/Kovah/LinkAce/releases/tag/v2.4.0mitrex_refsource_MISC
- github.com/Kovah/LinkAce/security/advisories/GHSA-47g2-qw6q-cr96mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.