
4 matches found

RedhatCVE
added 2025/11/20 9:36 p.m. | 4 views

CVE-2025-65033

Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an authorization flaw in the poll management feature allows any authenticated user to pause or resume any poll, regardless of ownership. The system only uses the public pollId to identify polls, and it does not...

CVSS 8.1 | AI score 6.6 | EPSS 0.0006
Exploits: 1 | References: 1
CVE
added 2025/11/19 5:26 p.m. | 11 views

CVE-2025-65034

CVE-2025-65034 affects Rallly prior to version 4.5.4. The vulnerability is an improper authorization that allows any authenticated user to reopen finalized polls owned by other users by manipulating the pollId parameter, potentially disrupting events and compromising availability and integrity of...

CVSS 8.1 | AI score 6.3 | EPSS 0.0006
Exploits: 1 | References: 2 | Affected Software: 1
Cvelist
added 2025/11/19 5:26 p.m. | 10 views

CVE-2025-65034 Rallly Improper Authorization Allows Reopening of Any Finalized Poll via Public pollId

Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an improper authorization vulnerability allows any authenticated user to reopen finalized polls belonging to other users by manipulating the pollId parameter. This can disrupt events managed by other users and...

CVSS 8.1 | EPSS 0.0006
Exploits: 1 | References: 2
Positive Technologies
added 2025/11/19 12:0 a.m. | 3 views

PT-2025-47510

Name of the Vulnerable Software and Affected Versions: Rallly versions prior to 4.5.4. Description: An authorization flaw exists in the poll management feature of Rallly. The system identifies polls using the pollId without verifying user ownership. This allows any authenticated user to pause or...

CVSS 8.1 | AI score 6.4 | EPSS 0.0006
Exploits: 1 | References: 5