CVE Catalog

CVE-2025-68049

MediumCVSS 6.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.24%

15th percentile — higher than 15% of all known CVEs

Summary

Versions of bunny.net up to 2.3.6 contain a vulnerability in access control that may allow subscribers unauthorized access to resources.

Risk Assessment

Organizations may be exposed to unauthorized access to data, potentially leading to information leaks or breaches of user privacy.

Recommendation

It is recommended to upgrade to the latest version of bunny.net to mitigate this access control vulnerability.

Original NVD description (English source)

Subscriber Broken Access Control in bunny.net <= 2.3.6 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS