Unrated severityNVD Advisory· Published Nov 19, 2025· Updated Nov 19, 2025
Rallly Has an IDOR Vulnerability in Participant Rename Function Allows Unauthorized Modification of Other Users’ Names
CVE-2025-65032
Description
Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an Insecure Direct Object Reference (IDOR) vulnerability allows any authenticated user to change the display names of other participants in polls without being an admin or the poll owner. By manipulating the participantId parameter in a rename request, an attacker can modify another user’s name, violating data integrity and potentially causing confusion or impersonation attacks. This issue has been patched in version 4.5.4.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1Patches
Vulnerability mechanics
References
2- github.com/lukevella/rallly/releases/tag/v4.5.4mitrex_refsource_MISC
- github.com/lukevella/rallly/security/advisories/GHSA-q9m7-chfx-43xwmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.