High severity · NVD Advisory · Published Nov 26, 2025 · Updated Nov 26, 2025
OneUptime Unauthorized User Creation via API
CVE-2025-65966
Description
OneUptime is a solution for monitoring and managing online services. In version 9.0.5598, a low-permission user can create new accounts through a direct API request instead of being restricted to the intended interface. This issue has been patched in version 9.1.0.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| @oneuptime/common (npm) | < 9.1.0 | 9.1.0 |
Affected products
- OneUptime/oneuptime · v5 · Range: = 9.0.5598
References
- github.com/advisories/GHSA-m449-vh5f-574g (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2025-65966 (ghsa, ADVISORY)
- github.com/OneUptime/oneuptime/commit/07bc6d4edde7397ea6b88f889c065ec392052ab4 (ghsa, WEB)
- github.com/OneUptime/oneuptime/security/advisories/GHSA-m449-vh5f-574g (ghsa, x_refsource_CONFIRM, WEB)