CVE-2025-4962 IDOR Vulnerability in Template Creation via `projectId` Manipulation in lunary-ai/lunary

An Insecure Direct Object Reference IDOR vulnerability was identified in the POST /v1/templates endpoint of the Lunary API, affecting versions up to 0.8.8. This vulnerability allows authenticated users to create templates in another user's project by altering the projectId query parameter. The ro...

PT-2025-33652 · Lunary · Lunary

Name of the Vulnerable Software and Affected Versions: Lunary versions up to 0.8.8 Description: An Insecure Direct Object Reference IDOR vulnerability exists in the POST /v1/templates endpoint of the Lunary API. The vulnerability allows authenticated users to create templates in another user's...