CVE-2025-63293
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk26th percentile - higher than 26% of all known CVEs
Summary
FairSketch Rise Ultimate Project Manager & CRM version 3.9.4 is vulnerable to Insecure Permissions. A remote authenticated user can append comments or upload attachments to tickets for which they lack view or edit authorization, due to missing authorization checks in the ticketing/commenting API.
Risk Assessment
The organization is at risk of unauthorized modifications to tickets, potentially leading to data confidentiality and integrity breaches, as well as privilege escalation by regular users.
Recommendation
Immediately update FairSketch Rise Ultimate Project Manager & CRM to the latest available version that includes security fixes. If an update is not possible, temporarily restrict access to the ticketing API for unauthorized users.
Original NVD description (English source)
FairSketch Rise Ultimate Project Manager & CRM 3.9.4 is vulnerable to Insecure Permissions. A remote authenticated user can append comments or upload attachments to tickets for which they lack view or edit authorization, due to missing authorization checks in the ticketing/commenting API.

