Bevy
1 CVEs
product
Monthly
The Bevy Event service through 2025-07-22, as used for eBay Seller Events and other activities, allows CSRF to delete all notifications via the /notifications/delete/ URI. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
CSRF
Bevy
NVD
GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-54598
EPSS 0%
CVSS 6.5
MEDIUM
POC
This Week
The Bevy Event service through 2025-07-22, as used for eBay Seller Events and other activities, allows CSRF to delete all notifications via the /notifications/delete/ URI. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
CSRF
Bevy
NVD
GitHub