CVE-2025-48881: Valtimo backend libraries allow objects in the object-api to be accessed and modified by unauthorized users
All objects for which an object-management configuration exists can be listed, viewed, edited, created or deleted by unauthorised users.
If object URLs are exposed via other channels, the contents of these objects can be viewed independently of object-management configurations.
References
- github.com/advisories/GHSA-965r-9cg9-g42p
- github.com/valtimo-platform/valtimo-backend-libraries
- github.com/valtimo-platform/valtimo-backend-libraries/commit/6ab04b30d3dab816bfea32d40ba50e5dd4517272
- github.com/valtimo-platform/valtimo-backend-libraries/security/advisories/GHSA-965r-9cg9-g42p
- nvd.nist.gov/vuln/detail/CVE-2025-48881