HIGH🇵🇱 Wersja polska

CVE-2025-65017

CVSS 8.2v4.0pub. 2026-02-03upd. 2026-02-23

Decidim is a participatory democracy framework. In versions from 0.30.0 to before 0.30.4 and from 0.31.0.rc1 to before 0.31.0, the private data exports can lead to data leaks in case the UUID generation, causing collisions for the generated UUIDs. This issue has been patched in versions 0.30.4 and 0.31.0.

CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Decidim

    APP
    Decidim
    0.31.00.30.0 – 0.30.4 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2026-23891CRITICAL9.3PL ✓ten sam produkt

Stored XSS w polu nazwy użytkownika Decidim umożliwia zdalne wykonanie kodu

CVE-2023-36465CRITICAL9.1ten sam produkt

Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelo...

CVE-2026-40869HIGH7.5ten sam produkt

Decidim is a participatory democracy framework. Starting in version 0.19.0 and prior to versions 0.30.5 and 0....

CVE-2024-45594HIGH7.7ten sam produkt

Decidim is a participatory democracy framework. The meeting embeds feature used in the online or hybrid meetin...

CVE-2023-34090HIGH7.5ten sam produkt

Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelo...