Data Exposure Vulnerability in LinkAce by Kovah
CVE-2025-62720

7.1HIGH

Key Information:

Vendor

Kovah

Status
Linkace
Vendor
CVE Published:
4 November 2025

What is CVE-2025-62720?

LinkAce, a self-hosted link management tool, has a significant vulnerability that enables authenticated users to export the entire database of links belonging to all users, including private links. This occurs because the export functionalities do not enforce ownership or visibility checks, allowing any authenticated user to bypass established access controls. The flaw has been rectified in version 2.4.0, which implements proper filtering measures.

Affected Version(s)

LinkAce < 2.4.0

References

https://github.com/Kovah/LinkAce/security/advisories/GHSA...
x_refsource_CONFIRM
https://github.com/Kovah/LinkAce/commit/0ba49dba5176db390...
x_refsource_MISC
https://github.com/Kovah/LinkAce/releases/tag/v2.4.0
x_refsource_MISC

CVSS V4

Score:
7.1
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2025-62720 : Data Exposure Vulnerability in LinkAce by Kovah