CVE-2025-55741

Published: Aug 22, 2025Modified: Aug 25, 2025

8.1

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Exploitability: 2.8 / Impact: 5.2

Source: security-advisories@github.com (Secondary)

Description

UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. In versions 0.3.0 and earlier, users without the Delete privilege for products are unable to delete individual products via the standard endpoint, as expected. However, these users can bypass intended access controls by issuing requests to the mass-delete endpoint, allowing them to delete products without proper authorization. This vulnerability allows unauthorized product deletion, leading to potential data loss and business disruption. The issue is fixed in version 0.3.1. No known workarounds exist.

Affected (1)

Products: Webkul: Unopim

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Webkul Unopim	Before 0.3.1

Related CWEs

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

References (5)

https://github.com/unopim/unopim/commit/c14eebe653aafd8dc713ca729165177e63315989

Source: security-advisories@github.com

Patch

https://github.com/unopim/unopim/security/advisories/GHSA-8p2f-fx4q-75cx

Source: security-advisories@github.com

ExploitVendor Advisory

https://www.youtube.com/watch?v=J_WV8fCXlJM

Source: security-advisories@github.com

Exploit

https://github.com/unopim/unopim/security/advisories/GHSA-8p2f-fx4q-75cx

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

ExploitVendor Advisory

https://www.youtube.com/watch?v=J_WV8fCXlJM

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Exploit

Timeline

No history available yet.