CVE-2025-48869

Horilla is a free and open source Human Resource Management System (HRMS). Unauthenticated users can access uploaded resume files in Horilla 1.3.0 by directly guessing or predicting file URLs. These files are stored in a publicly accessible directory, allowing attackers to retrieve sensitive candidate information without authentication. At time of publication there is no known patch.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/horilla-opensource/horilla/security/advisories/GHSA-99h5-x29f-727w	Exploit Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:horilla:horilla:1.3:*:*:*:*:*:*:*

History

17 Jun 2026, 09:30

Type	Values Removed	Values Added
Summary		(es) Horilla es un Sistema de Gestión de Recursos Humanos (HRMS) gratuito y de código abierto. Usuarios no autenticados pueden acceder a archivos de currículum vitae subidos en Horilla 1.3.0 adivinando o prediciendo directamente las URL de los archivos. Estos archivos se almacenan en un directorio de acceso público, lo que permite a los atacantes recuperar información sensible de los candidatos sin autenticación. En el momento de la publicación, no existe un parche conocido.

29 Sep 2025, 14:05

Type	Values Removed	Values Added
First Time		Horilla Horilla horilla
References	~~() https://github.com/horilla-opensource/horilla/security/advisories/GHSA-99h5-x29f-727w -~~	() https://github.com/horilla-opensource/horilla/security/advisories/GHSA-99h5-x29f-727w - Exploit, Vendor Advisory
CPE		cpe:2.3:a:horilla:horilla:1.3:::::::*

24 Sep 2025, 18:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-09-24 18:15

Updated : 2026-06-17 09:30

NVD link : CVE-2025-48869

Mitre link : CVE-2025-48869

CVE.ORG link : CVE-2025-48869

JSON object : View

Products Affected

horilla

horilla

CWE

CWE-284

Improper Access Control

{"id": "CVE-2025-48869", "cveTags": [], "metrics": {"ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2025-48869", "role": "CISA Coordinator", "options": [{"exploitation": "poc"}, {"automatable": "yes"}, {"technicalImpact": "partial"}], "version": "2.0.3", "timestamp": "2025-09-24T17:26:23.991586Z"}}], "cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "affected": [{"source": "security-advisories@github.com", "affectedData": [{"vendor": "horilla-opensource", "product": "horilla", "versions": [{"status": "affected", "version": "= 1.3.0"}]}]}], "published": "2025-09-24T18:15:37.677", "references": [{"url": "https://github.com/horilla-opensource/horilla/security/advisories/GHSA-99h5-x29f-727w", "tags": ["Exploit", "Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-284"}]}], "descriptions": [{"lang": "en", "value": "Horilla is a free and open source Human Resource Management System (HRMS). Unauthenticated users can access uploaded resume files in Horilla 1.3.0 by directly guessing or predicting file URLs. These files are stored in a publicly accessible directory, allowing attackers to retrieve sensitive candidate information without authentication. At time of publication there is no known patch."}, {"lang": "es", "value": "Horilla es un Sistema de Gesti\u00f3n de Recursos Humanos (HRMS) gratuito y de c\u00f3digo abierto. Usuarios no autenticados pueden acceder a archivos de curr\u00edculum vitae subidos en Horilla 1.3.0 adivinando o prediciendo directamente las URL de los archivos. Estos archivos se almacenan en un directorio de acceso p\u00fablico, lo que permite a los atacantes recuperar informaci\u00f3n sensible de los candidatos sin autenticaci\u00f3n. En el momento de la publicaci\u00f3n, no existe un parche conocido."}], "lastModified": "2026-06-17T09:30:24.767", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:horilla:horilla:1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FB689BA6-40B8-4E5F-AEB4-6DCB6C76A651"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}