CNNVD-202512-3767 Information

CNNVD ID

CNNVD-202512-3767

Related CVE

CVE-2025-14881

• CNNVD Published: 2025-12-19

Description (Chinese)

pretix是德国pretix公司的一款全程关心您活动的票务软件。 pretix存在安全漏洞，该漏洞源于多个API端点允许通过UUID访问敏感文件，可能导致未授权数据访问。

Description (English)

Pretix is a German pretix all-time ticketing software. There is a security loophole in pretix, which stems from the fact that multiple API endpoints allow access to sensitive documents through UUID, which may lead to unauthorized data access.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

pretix

Published

2025-12-19

Last Modified

2026-02-24

References

https://pretix.eu/about/en/blog/20251218-release-2025-10-1/ https://access.redhat.com/security/cve/cve-2025-14881

Patch

https://pretix.eu/about/en/blog/20251219-release-2025-10-1/