CVE-2025-59034: Indico may disclose unauthorized user details access via legacy API

September 10, 2025

A legacy API to retrieve user details could be misused to retrieve profile details of other users without having admin permissions due to a broken access check.

References

github.com/advisories/GHSA-4269-mcfh-cp7q
github.com/indico/indico
github.com/indico/indico/releases/tag/v3.3.8
github.com/indico/indico/security/advisories/GHSA-4269-mcfh-cp7q
nvd.nist.gov/vuln/detail/CVE-2025-59034

Code Behaviors & Features

Detect and mitigate CVE-2025-59034 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →