Authorization Bypass in Movary Application
CVE-2025-64116

5.1MEDIUM

Key Information:

Vendor

Leepeuker

Status
Movary
Vendor
CVE Published:
30 October 2025

What is CVE-2025-64116?

The Movary web application, used for tracking movie viewing history, has a significant vulnerability that allows attackers to exploit insufficient validation on its login page. This issue enables unauthorized redirection of authenticated users to any external websites, posing a high risk to user data and security. This vulnerability has been addressed in version 0.69.0, underscoring the importance of keeping applications updated to mitigate such risks.

Affected Version(s)

movary < 0.69.0

References

https://github.com/leepeuker/movary/security/advisories/G...
x_refsource_CONFIRM
https://github.com/leepeuker/movary/pull/713
x_refsource_MISC
https://github.com/leepeuker/movary/commit/716f703b4464ff...
x_refsource_MISC

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.