Session Handler Vulnerability in Rowboat by Rowboat Labs
CVE-2025-7115

6.9MEDIUM

Key Information:

Vendor

Rowboatlabs

Status
Rowboat
Vendor
CVE Published:
7 July 2025

What is CVE-2025-7115?

A vulnerability has been identified in the Rowboat product, specifically within the Session Handler component's PUT function. This flaw arises due to inadequate authentication mechanisms, allowing potential attackers to exploit the functionality remotely. This vulnerability affects all versions leading up to the specific commit, and the constant delivery model employed by Rowboat makes it challenging to pinpoint exact version details. A fix is anticipated in the near future, emphasizing the need for users to remain vigilant regarding their security practices.

Affected Version(s)

rowboat 8096eaf63b5a0732edd8f812bee05b78e214ee97

References

https://vuldb.com/?id.315026
vdb-entrytechnical-description
https://vuldb.com/?ctiid.315026
signaturepermissions-required
https://vuldb.com/?submit.604899
third-party-advisory

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.