
We found results for “”
CVE-2025-59034
Good to know:



Date: September 10, 2025
Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Prior to version 3.3.8, a legacy API to retrieve user details could be misused to retrieve profile details of other users without having admin permissions due to a broken access check. Users should to update to Indico 3.3.8 as soon as possible. As a workaround, it is possible to restrict access to the affected API (e.g. in the webserver config).
Severity Score
Severity Score
Weakness Type (CWE)
Authorization Bypass Through User-Controlled Key
CWE-639Top Fix

Upgrade Version
Upgrade to version indico - 3.3.8;https://github.com/indico/indico.git - v3.3.8
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | LOW |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | LOW |
Integrity (I): | NONE |
Availability (A): | NONE |