Authorization Bypass in OpenSupports Affects User Privacy
CVE-2025-10696

7.1HIGH

Key Information:

Vendor: Opensupports
Status: Opensupports
Vendor: CVE Published:; 3 October 2025

🔔 Create Opensupports Vulnerability Alert

What is CVE-2025-10696?

OpenSupports contains a vulnerability that allows unauthorized modification of 'supervised users' for any account due to inadequate validation. As a result, a Level 1 staff member can alter the supervision relationships of other users, potentially revealing confidential ticket information to individuals who should not have access. This flaw undermines the system's authorization model, leading to compromised user privacy and security across the platform.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

OpenSupports Windows 4.11.0

References

https://fluidattacks.com/advisories/stratovarius

third-party-advisory

https://github.com/opensupports/opensupports

product

CVSS V4

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Oct 3, 2025
Vulnerability Reserved
Sep 18, 2025

JSON

Opensupports

What is CVE-2025-10696?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V4

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.