CVE-2025-53709

| EUVD-2025-21048 MEDIUM
2025-07-10 [email protected]
Authentication Bypass
5.4
CVSS 3.1
Share

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

4
patch_available
Apr 16, 2026 - 05:29 EUVD
0.815.0
Analysis Generated
Mar 16, 2026 - 06:52 vuln.today
EUVD ID Assigned
Mar 16, 2026 - 06:52 euvd
EUVD-2025-21048
CVE Published
Jul 10, 2025 - 19:15 nvd
MEDIUM 5.4

DescriptionNVD

Secure-upload is a data submission service that validates single-use tokens when accepting submissions to channels. The service only installed on a small number of environments.

Under specific circumstances, privileged users of secure-upload could have selected email templates not necessarily created for their enrollment when sending data upload requests. Authenticated and privileged users of one enrollment could have abused an endpoint to redirect existing submission channels to a dataset they control. An endpoint handling domain validation allowed unauthenticated users to enumerate existing enrollments. Finally, other endpoints allowed enumerating if a resource with a known RID exists across enrollments.

The affected service has been patched with version 0.815.0 and automatically deployed to all Apollo-managed Foundry instances.

AnalysisAI

A security vulnerability in Secure-upload (CVSS 5.4). Remediation should follow standard vulnerability management procedures.

Technical ContextAI

CWE-285 (Improper Authorization). Affects Secure-upload.

RemediationAI

Monitor vendor channels for patch availability.

Share

CVE-2025-53709 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy