CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Onyx: >> Onyx >> 0.27.0 Security Vulnerabilities

CVE-2025-51479

Authorization bypass in update_user_group in onyx-dot-app Onyx Enterprise Edition 0.27.0 allows remote authenticated attackers to modify arbitrary user groups via crafted PATCH requests to the /api/manage/admin/user-group/id endpoint, bypassing intended curator-group assignment checks.

CVSS Score

5.4

EPSS Score

0.0

Published

2025-07-22

Page 1

Vulnerabilities

Vulnerable Software

Onyx: >> Onyx >> 0.27.0 Security Vulnerabilities

Products

Pricing

Contact Us