CVE Catalog

CVE-2025-63293

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.34%

26th percentile - higher than 26% of all known CVEs

Summary

FairSketch Rise Ultimate Project Manager & CRM version 3.9.4 is vulnerable to Insecure Permissions. A remote authenticated user can append comments or upload attachments to tickets for which they lack view or edit authorization, due to missing authorization checks in the ticketing/commenting API.

Risk Assessment

The organization is at risk of unauthorized modifications to tickets, potentially leading to data confidentiality and integrity breaches, as well as privilege escalation by regular users.

Recommendation

Immediately update FairSketch Rise Ultimate Project Manager & CRM to the latest available version that includes security fixes. If an update is not possible, temporarily restrict access to the ticketing API for unauthorized users.

Original NVD description (English source)

FairSketch Rise Ultimate Project Manager & CRM 3.9.4 is vulnerable to Insecure Permissions. A remote authenticated user can append comments or upload attachments to tickets for which they lack view or edit authorization, due to missing authorization checks in the ticketing/commenting API.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS