Immich

1 CVEs product

CVE-2026-23896 HIGH POC This Week

Immich versions prior to 2.5.0 contain an improper access control flaw that allows any authenticated API key to escalate its privileges to full administrator level by manipulating the update endpoint. Public exploit code exists for this vulnerability, enabling attackers with basic API access to completely compromise the system. The flaw affects all unpatched Immich installations and requires upgrading to version 2.5.0 or later to remediate.

Privilege Escalation Immich
NVD GitHub
CVSS 3.1: 7.2
EPSS: 0.0%
