CVE-2025-53108
BaseFortify
Publication date: 2025-07-02
Last updated on: 2025-07-03
Assigner: GitHub, Inc.
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in HomeBox versions prior to 0.20.1 is due to a missing authorization check in the API endpoints that handle updating and deleting inventory item attachments. As a result, authenticated users can perform unauthorized actions on attachments they do not own, potentially manipulating or deleting critical inventory data without permission.
How can this vulnerability impact me?
The vulnerability can lead to unauthorized data manipulation or loss of critical inventory data. This means that users could alter or delete inventory attachments they should not have access to, potentially causing data integrity issues and loss of important information.
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to upgrade HomeBox to version 0.20.1 or later, as this issue has been patched in that version. There are no workarounds available.