Base Score

LOW3.8

CVE-2025-14882

An API endpoint allowed access to sensitive files from other users by knowing the UUID of the file that were not intended to be accessible by UUID only.

VectorNETWORK

Published By655498c3-6ec5-4f0b-aea6-853b334d05a6

Published DateDec 19, 2025, 13:16

Affected Versions(3)

pretix(PyPI)

Introduced2025.10.0

Fixed2025.10.1

LimitN/A

pretix(PyPI)

Introduced2025.9.0

Fixed2025.9.3

LimitN/A

pretix(PyPI)

Introduced0

Fixed2025.8.3

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
pretix(PyPI)	2025.10.0	2025.10.1	N/A
pretix(PyPI)	2025.9.0	2025.9.3	N/A
pretix(PyPI)	0	2025.8.3	N/A

Weakness Type (CWE):CWE-639

CVSS Metrics

Base Score

3.8

Vector String

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Base Severity

LOW

Version

4.0

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

NONE

Scope (S)

Confidentiality (C)

Integrity (I)

Availability (A)

References

https://pretix.eu/about/en/blog/20251218-release-2025-10-1/

Base Score

LOW3.8

Weakness Type (CWE):CWE-639

CVSS Metrics

Base Score

3.8

Vector String

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Base Severity

LOW

Version

4.0

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

NONE

Scope (S)

Confidentiality (C)

Integrity (I)

Availability (A)