CVE-2025-53073
Awaiting Analysis Awaiting Analysis - Queue
BaseFortify

Publication date: 2025-06-24

Last updated on: 2025-06-26

Assigner: MITRE

Description
In Sentry 25.1.0 through 25.5.1, an authenticated attacker can access a project's issue endpoint and perform unauthorized actions (such as adding a comment) without being a member of the project's team. A seven-digit issue ID must be known (it is not treated as a secret and might be mentioned publicly, or it could be predicted).
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-06-24
Last Modified
2025-06-26
Generated
2026-05-06
AI Q&A
2025-06-24
EPSS Evaluated
2026-05-05
NVD
CVE-2025-53073
EUVD
EUVD-2025-28483
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-425 The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability in Sentry versions 25.1.0 through 25.5.1 allows an authenticated attacker to access a project's issue endpoint and perform unauthorized actions, such as adding comments, even if they are not a member of the project's team. The attacker must know or predict a seven-digit issue ID, which is not treated as a secret and may be publicly available or guessable.


How can this vulnerability impact me? :

The vulnerability can lead to unauthorized users performing actions on project issues, such as adding comments, which could result in misinformation, disruption of project workflows, or exposure of sensitive project information to unauthorized individuals.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart