QwikSec

Security Database

CVE

CWE

Training

CVE-2025-55741

Published: Aug 22, 2025

Modified: Aug 22, 2025

PUBLISHED

CVSS v3.1

8.1

HIGH

Description

UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. In versions 0.3.0 and earlier, users without the Delete privilege for products are unable to delete individual products via the standard endpoint, as expected. However, these users can bypass intended access controls by issuing requests to the mass-delete endpoint, allowing them to delete products without proper authorization. This vulnerability allows unauthorized product deletion, leading to potential data loss and business disruption. The issue is fixed in version 0.3.1. No known workarounds exist.

Vendor	Product	Versions
unopim	unopim	affected `< 0.3.1`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

High

References

https://github.com/unopim/unopim/security/advisories/GHSA-8p2f-fx4q-75cx

x_refsource_CONFIRM

https://github.com/unopim/unopim/commit/c14eebe653aafd8dc713ca729165177e63315989

x_refsource_MISC

https://www.youtube.com/watch?v=J_WV8fCXlJM

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.