Vulnerabilites related to horilla-opensource - horilla
CVE-2025-59524 (GCVE-0-2025-59524)
Vulnerability from cvelistv5
Published
2025-09-24 18:12
Modified
2025-09-24 18:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Horilla is a free and open source Human Resource Management System (HRMS). Prior to version 1.4.0, the file upload flow performs validation only in the browser and does not enforce server-side checks. An attacker can bypass the client-side validation (for example, with an intercepting proxy or by submitting a crafted request) to store an executable HTML document on the server. When an administrator or other privileged user views the uploaded file, the embedded script runs in their context and sends session cookies (or other credentials) to an attacker-controlled endpoint. The attacker then reuses those credentials to impersonate the admin. This issue has been patched in version 1.4.0.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/horilla-opensource/horilla/security/advisories/GHSA-mff9-p8j9-9v5q | x_refsource_CONFIRM | |
| https://github.com/Mmo-kali/CVE/blob/main/CVE-2025-59524/2025-08-Horilla_Vulnerability_3.pdf | x_refsource_MISC | |
| https://github.com/horilla-opensource/horilla/releases/tag/1.4.0 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| horilla-opensource | horilla |
Version: < 1.4.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59524",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-24T18:46:51.206876Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T18:46:57.973Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "horilla",
"vendor": "horilla-opensource",
"versions": [
{
"status": "affected",
"version": "\u003c 1.4.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Horilla is a free and open source Human Resource Management System (HRMS). Prior to version 1.4.0, the file upload flow performs validation only in the browser and does not enforce server-side checks. An attacker can bypass the client-side validation (for example, with an intercepting proxy or by submitting a crafted request) to store an executable HTML document on the server. When an administrator or other privileged user views the uploaded file, the embedded script runs in their context and sends session cookies (or other credentials) to an attacker-controlled endpoint. The attacker then reuses those credentials to impersonate the admin. This issue has been patched in version 1.4.0."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434: Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T18:12:55.990Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/horilla-opensource/horilla/security/advisories/GHSA-mff9-p8j9-9v5q",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/horilla-opensource/horilla/security/advisories/GHSA-mff9-p8j9-9v5q"
},
{
"name": "https://github.com/Mmo-kali/CVE/blob/main/CVE-2025-59524/2025-08-Horilla_Vulnerability_3.pdf",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Mmo-kali/CVE/blob/main/CVE-2025-59524/2025-08-Horilla_Vulnerability_3.pdf"
},
{
"name": "https://github.com/horilla-opensource/horilla/releases/tag/1.4.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/horilla-opensource/horilla/releases/tag/1.4.0"
}
],
"source": {
"advisory": "GHSA-mff9-p8j9-9v5q",
"discovery": "UNKNOWN"
},
"title": "Horilla Stored XSS Vulnerability via File Upload in Reimbursement Panel"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-59524",
"datePublished": "2025-09-24T18:12:55.990Z",
"dateReserved": "2025-09-17T17:04:20.372Z",
"dateUpdated": "2025-09-24T18:46:57.973Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-59525 (GCVE-0-2025-59525)
Vulnerability from cvelistv5
Published
2025-09-24 18:15
Modified
2025-09-24 18:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Horilla is a free and open source Human Resource Management System (HRMS). Prior to version 1.4.0, improper sanitization across the application allows XSS via uploaded SVG (and via allowed <embed>), which can be chained to execute JavaScript whenever users view impacted content (e.g., announcements). This can result in admin account takeover. This issue has been patched in version 1.4.0.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/horilla-opensource/horilla/security/advisories/GHSA-rp5m-vpqr-vpvp | x_refsource_CONFIRM | |
| https://github.com/Mmo-kali/CVE/blob/main/CVE-2025-59525/2025-08-Horilla_Vulnerability_2.pdf | x_refsource_MISC | |
| https://github.com/horilla-opensource/horilla/releases/tag/1.4.0 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| horilla-opensource | horilla |
Version: < 1.4.0 |
{
"containers": {
"cna": {
"affected": [
{
"product": "horilla",
"vendor": "horilla-opensource",
"versions": [
{
"status": "affected",
"version": "\u003c 1.4.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Horilla is a free and open source Human Resource Management System (HRMS). Prior to version 1.4.0, improper sanitization across the application allows XSS via uploaded SVG (and via allowed \u003cembed\u003e), which can be chained to execute JavaScript whenever users view impacted content (e.g., announcements). This can result in admin account takeover. This issue has been patched in version 1.4.0."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434: Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T18:15:12.850Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/horilla-opensource/horilla/security/advisories/GHSA-rp5m-vpqr-vpvp",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/horilla-opensource/horilla/security/advisories/GHSA-rp5m-vpqr-vpvp"
},
{
"name": "https://github.com/Mmo-kali/CVE/blob/main/CVE-2025-59525/2025-08-Horilla_Vulnerability_2.pdf",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Mmo-kali/CVE/blob/main/CVE-2025-59525/2025-08-Horilla_Vulnerability_2.pdf"
},
{
"name": "https://github.com/horilla-opensource/horilla/releases/tag/1.4.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/horilla-opensource/horilla/releases/tag/1.4.0"
}
],
"source": {
"advisory": "GHSA-rp5m-vpqr-vpvp",
"discovery": "UNKNOWN"
},
"title": "Horilla has Improper Input Sanitization Leading to XSS and Admin Account Takeover"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-59525",
"datePublished": "2025-09-24T18:15:12.850Z",
"dateReserved": "2025-09-17T17:04:20.372Z",
"dateUpdated": "2025-09-24T18:15:12.850Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-48867 (GCVE-0-2025-48867)
Vulnerability from cvelistv5
Published
2025-09-24 17:25
Modified
2025-09-24 17:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Horilla is a free and open source Human Resource Management System (HRMS). A stored cross-site scripting (XSS) vulnerability in Horilla HRM 1.3.0 allows authenticated admin or privileged users to inject malicious JavaScript payloads into multiple fields in the Project and Task modules. These payloads persist in the database and are executed when viewed by an admin or other privileged users through the web interface. Although the issue is not exploitable by unauthenticated users, it still poses a high risk of session hijacking and unauthorized action within high-privilege accounts. At time of publication there is no known patch.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/horilla-opensource/horilla/security/advisories/GHSA-w242-xv47-j55r | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| horilla-opensource | horilla |
Version: = 1.3.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-48867",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-24T17:35:26.399473Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T17:36:10.261Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "horilla",
"vendor": "horilla-opensource",
"versions": [
{
"status": "affected",
"version": "= 1.3.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Horilla is a free and open source Human Resource Management System (HRMS). A stored cross-site scripting (XSS) vulnerability in Horilla HRM 1.3.0 allows authenticated admin or privileged users to inject malicious JavaScript payloads into multiple fields in the Project and Task modules. These payloads persist in the database and are executed when viewed by an admin or other privileged users through the web interface. Although the issue is not exploitable by unauthenticated users, it still poses a high risk of session hijacking and unauthorized action within high-privilege accounts. At time of publication there is no known patch."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T17:25:42.227Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/horilla-opensource/horilla/security/advisories/GHSA-w242-xv47-j55r",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/horilla-opensource/horilla/security/advisories/GHSA-w242-xv47-j55r"
}
],
"source": {
"advisory": "GHSA-w242-xv47-j55r",
"discovery": "UNKNOWN"
},
"title": "Horilla Stored Cross-Site Scripting (XSS) Vulnerability in Project and Task Modules"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-48867",
"datePublished": "2025-09-24T17:25:42.227Z",
"dateReserved": "2025-05-27T20:14:34.294Z",
"dateUpdated": "2025-09-24T17:36:10.261Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-47789 (GCVE-0-2025-47789)
Vulnerability from cvelistv5
Published
2025-05-15 19:50
Modified
2025-05-16 14:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Summary
Horilla is a free and open source Human Resource Management System (HRMS). In versions up to and including 1.3, an attacker can craft a Horilla URL that refers to an external domain. Upon clicking and logging in, the user is redirected to an external domain. This allows the redirection to any arbitrary site, including phishing or malicious domains, which can be used to impersonate Horilla and trick users. Commit 1c72404df6888bb23af73c767fdaee5e6679ebd6 fixes the issue.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/horilla-opensource/horilla/security/advisories/GHSA-cqp5-xx4j-r468 | x_refsource_CONFIRM | |
| https://github.com/horilla-opensource/horilla/commit/1c72404df6888bb23af73c767fdaee5e6679ebd6 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| horilla-opensource | horilla |
Version: <= 1.3 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-47789",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-16T14:50:39.736953Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-16T14:51:36.535Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "horilla",
"vendor": "horilla-opensource",
"versions": [
{
"status": "affected",
"version": "\u003c= 1.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Horilla is a free and open source Human Resource Management System (HRMS). In versions up to and including 1.3, an attacker can craft a Horilla URL that refers to an external domain. Upon clicking and logging in, the user is redirected to an external domain. This allows the redirection to any arbitrary site, including phishing or malicious domains, which can be used to impersonate Horilla and trick users. Commit 1c72404df6888bb23af73c767fdaee5e6679ebd6 fixes the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-15T19:50:28.480Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/horilla-opensource/horilla/security/advisories/GHSA-cqp5-xx4j-r468",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/horilla-opensource/horilla/security/advisories/GHSA-cqp5-xx4j-r468"
},
{
"name": "https://github.com/horilla-opensource/horilla/commit/1c72404df6888bb23af73c767fdaee5e6679ebd6",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/horilla-opensource/horilla/commit/1c72404df6888bb23af73c767fdaee5e6679ebd6"
}
],
"source": {
"advisory": "GHSA-cqp5-xx4j-r468",
"discovery": "UNKNOWN"
},
"title": "Horilla Open Redirect Vulnerability in Login"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-47789",
"datePublished": "2025-05-15T19:50:28.480Z",
"dateReserved": "2025-05-09T19:49:35.622Z",
"dateUpdated": "2025-05-16T14:51:36.535Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-59832 (GCVE-0-2025-59832)
Vulnerability from cvelistv5
Published
2025-09-25 14:45
Modified
2025-09-25 15:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Horilla is a free and open source Human Resource Management System (HRMS). Prior to version 1.4.0, there is a stored XSS vulnerability in the ticket comment editor. A low-privilege authenticated user could run arbitrary JavaScript in an admin’s browser, exfiltrate the admin’s cookies/CSRF token, and hijack their session. This issue has been patched in version 1.4.0.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/horilla-opensource/horilla/security/advisories/GHSA-8x78-6q9g-hv2h | x_refsource_CONFIRM | |
| https://github.com/Mmo-kali/CVE/blob/main/CVE-2025-59832/2025-08-Horilla_Vulnerability_1.pdf | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| horilla-opensource | horilla |
Version: < 1.4.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59832",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-25T15:45:18.489582Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-25T15:48:38.332Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/horilla-opensource/horilla/security/advisories/GHSA-8x78-6q9g-hv2h"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "horilla",
"vendor": "horilla-opensource",
"versions": [
{
"status": "affected",
"version": "\u003c 1.4.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Horilla is a free and open source Human Resource Management System (HRMS). Prior to version 1.4.0, there is a stored XSS vulnerability in the ticket comment editor. A low-privilege authenticated user could run arbitrary JavaScript in an admin\u2019s browser, exfiltrate the admin\u2019s cookies/CSRF token, and hijack their session. This issue has been patched in version 1.4.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-25T14:45:19.214Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/horilla-opensource/horilla/security/advisories/GHSA-8x78-6q9g-hv2h",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/horilla-opensource/horilla/security/advisories/GHSA-8x78-6q9g-hv2h"
},
{
"name": "https://github.com/Mmo-kali/CVE/blob/main/CVE-2025-59832/2025-08-Horilla_Vulnerability_1.pdf",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Mmo-kali/CVE/blob/main/CVE-2025-59832/2025-08-Horilla_Vulnerability_1.pdf"
}
],
"source": {
"advisory": "GHSA-8x78-6q9g-hv2h",
"discovery": "UNKNOWN"
},
"title": "Horrila Stored XSS Vulnerability via Ticket Comment section"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-59832",
"datePublished": "2025-09-25T14:45:19.214Z",
"dateReserved": "2025-09-22T14:34:03.471Z",
"dateUpdated": "2025-09-25T15:48:38.332Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-48869 (GCVE-0-2025-48869)
Vulnerability from cvelistv5
Published
2025-09-24 17:17
Modified
2025-09-24 17:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-284 - Improper Access Control
Summary
Horilla is a free and open source Human Resource Management System (HRMS). Unauthenticated users can access uploaded resume files in Horilla 1.3.0 by directly guessing or predicting file URLs. These files are stored in a publicly accessible directory, allowing attackers to retrieve sensitive candidate information without authentication. At time of publication there is no known patch.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/horilla-opensource/horilla/security/advisories/GHSA-99h5-x29f-727w | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| horilla-opensource | horilla |
Version: = 1.3.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-48869",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-24T17:26:23.991586Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T17:26:56.854Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "horilla",
"vendor": "horilla-opensource",
"versions": [
{
"status": "affected",
"version": "= 1.3.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Horilla is a free and open source Human Resource Management System (HRMS). Unauthenticated users can access uploaded resume files in Horilla 1.3.0 by directly guessing or predicting file URLs. These files are stored in a publicly accessible directory, allowing attackers to retrieve sensitive candidate information without authentication. At time of publication there is no known patch."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T17:19:09.942Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/horilla-opensource/horilla/security/advisories/GHSA-99h5-x29f-727w",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/horilla-opensource/horilla/security/advisories/GHSA-99h5-x29f-727w"
}
],
"source": {
"advisory": "GHSA-99h5-x29f-727w",
"discovery": "UNKNOWN"
},
"title": "Horilla Unauthorized Access to Candidate Resume Files Due to Broken Access Control"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-48869",
"datePublished": "2025-09-24T17:17:40.979Z",
"dateReserved": "2025-05-27T20:14:34.295Z",
"dateUpdated": "2025-09-24T17:26:56.854Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-48868 (GCVE-0-2025-48868)
Vulnerability from cvelistv5
Published
2025-09-24 13:51
Modified
2025-09-24 18:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-95 - Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
Summary
Horilla is a free and open source Human Resource Management System (HRMS). An authenticated Remote Code Execution (RCE) vulnerability exists in Horilla 1.3.0 due to the unsafe use of Python’s eval() function on a user-controlled query parameter in the project_bulk_archive view. This allows privileged users (e.g., administrators) to execute arbitrary system commands on the server. While having Django’s DEBUG=True makes exploitation visibly easier by returning command output in the HTTP response, this is not required. The vulnerability can still be exploited in DEBUG=False mode by using blind payloads such as a reverse shell, leading to full remote code execution. This issue has been patched in version 1.3.1.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| horilla-opensource | horilla |
Version: = 1.3.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-48868",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-24T18:45:44.475358Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T18:45:55.219Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "horilla",
"vendor": "horilla-opensource",
"versions": [
{
"status": "affected",
"version": "= 1.3.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Horilla is a free and open source Human Resource Management System (HRMS). An authenticated Remote Code Execution (RCE) vulnerability exists in Horilla 1.3.0 due to the unsafe use of Python\u2019s eval() function on a user-controlled query parameter in the project_bulk_archive view. This allows privileged users (e.g., administrators) to execute arbitrary system commands on the server. While having Django\u2019s DEBUG=True makes exploitation visibly easier by returning command output in the HTTP response, this is not required. The vulnerability can still be exploited in DEBUG=False mode by using blind payloads such as a reverse shell, leading to full remote code execution. This issue has been patched in version 1.3.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-95",
"description": "CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T13:51:04.834Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/horilla-opensource/horilla/security/advisories/GHSA-h6qj-pwmx-wjhw",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/horilla-opensource/horilla/security/advisories/GHSA-h6qj-pwmx-wjhw"
},
{
"name": "https://github.com/horilla-opensource/horilla/commit/b0aab62b3a5fe6b7114b5c58db129b3744b4d8cc",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/horilla-opensource/horilla/commit/b0aab62b3a5fe6b7114b5c58db129b3744b4d8cc"
},
{
"name": "https://drive.google.com/file/d/1XQAJilt77QxkjGEa94CsZRqZIZXa3ET9/view?usp=sharing",
"tags": [
"x_refsource_MISC"
],
"url": "https://drive.google.com/file/d/1XQAJilt77QxkjGEa94CsZRqZIZXa3ET9/view?usp=sharing"
},
{
"name": "https://drive.google.com/file/d/1hnI9AK3fnpVrTlTRF7aRJsKhZCDIm2Ve/view?usp=sharing",
"tags": [
"x_refsource_MISC"
],
"url": "https://drive.google.com/file/d/1hnI9AK3fnpVrTlTRF7aRJsKhZCDIm2Ve/view?usp=sharing"
}
],
"source": {
"advisory": "GHSA-h6qj-pwmx-wjhw",
"discovery": "UNKNOWN"
},
"title": "Horilla vulnerable to authenticated RCE via eval() in project_bulk_archive"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-48868",
"datePublished": "2025-09-24T13:51:04.834Z",
"dateReserved": "2025-05-27T20:14:34.295Z",
"dateUpdated": "2025-09-24T18:45:55.219Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}