User Data Exposure Vulnerability in Indico Event Management System
CVE-2025-53640

5.3MEDIUM

Key Information:

Vendor: Indico
Status: Indico
Vendor: CVE Published:; 14 July 2025

What is CVE-2025-53640?

The Indico event management system, utilizing Flask-Multipass for authentication, presents a vulnerability where endpoints could be exploited to reveal sensitive user information, including names, affiliations, and email addresses. This issue affects versions 2.2 through 3.3.6 and poses a risk for installations that permit public user account creation. While upgrading to version 3.3.7 is highly recommended to remediate this issue, administrators can also limit user searches to manager accounts as a temporary measure. However, restricting endpoint access may hinder functionality related to user details in certain forms.