VYPR
High severityNVD Advisory· Published Nov 26, 2025· Updated Nov 26, 2025

OneUptime Unauthorized User Creation via API

CVE-2025-65966

Description

OneUptime is a solution for monitoring and managing online services. In version 9.0.5598, a low-permission user can create new accounts through a direct API request instead of being restricted to the intended interface. This issue has been patched in version 9.1.0.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
@oneuptime/commonnpm
< 9.1.09.1.0

Affected products

2

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.