The following table lists the changes that have been made to the
CVE-2025-4962 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution
of a vulnerability, and for identifying the most recent changes that may
impact the vulnerability’s severity, exploitability, or other characteristics.
Aug. 18, 2025
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Description | An Insecure Direct Object Reference (IDOR) vulnerability was identified in the `POST /v1/templates` endpoint of the Lunary API, affecting versions up to 0.8.8. This vulnerability allows authenticated users to create templates in another user’s project by altering the `projectId` query parameter. The root cause of this issue is the absence of server-side validation to ensure that the authenticated user owns the specified `projectId`. The vulnerability has been addressed in version 1.9.23. | |
| Added | CVSS V3 | AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N | |
| Added | CWE | CWE-284 | |
| Added | Reference | https://github.com/lunary-ai/lunary/commit/e977d06f18a615963ffbe07e5bdff70218c29907 | |
| Added | Reference | https://huntr.com/bounties/137a0aef-e243-49d4-832f-8e56056cba1a |
CVE ID : CVE-2025-10304 Published : Dec. 3, 2025, 3:27 a.m. | 26 minutes ago Description : The Everest Backup –
CVE ID : CVE-2025-12585 Published : Dec. 3, 2025, 3:27 a.m. | 26 minutes ago Description : The MxChat – AI
Unit A5, Endeavour Business Park
Penner Road, Havant
PO9 1QN
Company Registration Number: 5334133
Company VAT Number: 855 7246 95
