Sensitive File Exposure in Pretix API by Pretix
CVE-2025-14881
3.8 LOW
What is CVE-2025-14881?
The Pretix API has multiple endpoints that unintentionally allowed unauthorized access to sensitive user files. By simply knowing the UUID of these files, users could access information that was not meant to be publicly accessible, posing a significant risk to data privacy and security.
Affected Version(s)
pretix 1.0.0 < 2025.8.0
pretix 2025.8.0 < 2025.9.0
pretix 2025.9.0 < 2025.10.0
CVSS V4
Score: 3.8
Severity: LOW
Confidentiality: High
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: None
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Deniz Parlak (https://github.com/DenizParlak)
