CVE-2025-55741

HIGH EPSS 30.6%
Published Aug 22, 202510mo ago · Modified Jun 17, 20261w ago
8.1 CVSS 3.1
High
Find Similar
Published Aug 22, 2025 10mo ago
Last Modified Jun 17, 2026 1w ago

Description

UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. In versions 0.3.0 and earlier, users without the Delete privilege for products are unable to delete individual products via the standard endpoint, as expected. However, these users can bypass intended access controls by issuing requests to the mass-delete endpoint, allowing them to delete products without proper authorization. This vulnerability allows unauthorized product deletion, leading to potential data loss and business disruption. The issue is fixed in version 0.3.1. No known workarounds exist.

CVSS Details

Base Score
8.1
Exploitability
2.8
Impact
5.2
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Attack Vector Network
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
30.6% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 2

CWE-284
CWE-862 Missing Authorization Authorization

Affected Products 1

VendorProductVersionRange
webkulunopim* <0.3.1

References 3

  • github.com https://github.com/unopim/unopim/commit/c14eebe653aafd8dc713ca729165177e63315989
    Patch
  • github.com https://github.com/unopim/unopim/security/advisories/GHSA-8p2f-fx4q-75cx
    ExploitVendor Advisory
  • youtube.com https://www.youtube.com/watch?v=J_WV8fCXlJM
    Exploit

Remediation

  • github.com https://github.com/unopim/unopim/commit/c14eebe653aafd8dc713ca729165177e63315989
    Patch