Home > Vulnerability Database > CVE-2025-55741

Mend.io Vulnerability Database

CVE-2025-55741

Good to know:

Date: August 22, 2025

UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. In versions 0.3.0 and earlier, users without the Delete privilege for products are unable to delete individual products via the standard endpoint, as expected. However, these users can bypass intended access controls by issuing requests to the mass-delete endpoint, allowing them to delete products without proper authorization. This vulnerability allows unauthorized product deletion, leading to potential data loss and business disruption. The issue is fixed in version 0.3.1. No known workarounds exist.

Severity Score

8.1

Related Resources (8)

Url: https://www.youtube.com/watch?v=J_WV8fCXlJM

Url: https://github.com/unopim/unopim/commit/f49fa630afd36ff61c146b3e5bc7a0808667ca19

Url: https://youtu.be/J_WV8fCXlJM

Url: https://github.com/unopim/unopim/commit/c14eebe653aafd8dc713ca729165177e63315989

Url: https://github.com/unopim/unopim

Url: https://github.com/unopim/unopim/security/advisories/GHSA-8p2f-fx4q-75cx

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-55741

Url: https://www.mend.io/vulnerability-database/CVE-2025-55741

Severity Score

8.1

Weakness Type (CWE)

Improper Access Control

CWE-284

Missing Authorization

CWE-862

Top Fix

Upgrade Version

Upgrade to version unopim/unopim - v0.3.1

Learn More

CVSS v3.1

Base Score:	8.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-55741

Good to know:

Date: August 22, 2025

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?