Authorization Bypass in OpenSupports Affects User Privacy
CVE-2025-10696

7.1HIGH

Key Information:

Vendor: Opensupports
Status: Opensupports
Vendor: CVE Published:; 3 October 2025

🔔 Create Opensupports Vulnerability Alert

What is CVE-2025-10696?

OpenSupports contains a vulnerability that allows unauthorized modification of 'supervised users' for any account due to inadequate validation. As a result, a Level 1 staff member can alter the supervision relationships of other users, potentially revealing confidential ticket information to individuals who should not have access. This flaw undermines the system's authorization model, leading to compromised user privacy and security across the platform.

Affected Version(s)

OpenSupports Windows 4.11.0

References

https://fluidattacks.com/advisories/stratovarius

third-party-advisory

https://github.com/opensupports/opensupports

product

CVSS V4

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 3, 2025
Vulnerability Reserved
Sep 18, 2025

JSON