CVE-2025-63293

FairSketch Rise Ultimate Project Manager & CRM 3.9.4 is vulnerable to Insecure Permissions. A remote authenticated user can append comments or upload attachments to tickets for which they lack view or edit authorization, due to missing authorization checks in the ticketing/commenting API.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
http://fairsketch.com	Product
https://medium.com/@barrattjack89/cve-2025-63293-insecure-permissions-in-rise-crm-3-9-4-452c88c24195	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:fairsketch:rise_ultimate_project_manager:3.9.4:*:*:*:*:*:*:*

History

14 Nov 2025, 18:32

Type	Values Removed	Values Added
First Time		Fairsketch Fairsketch rise Ultimate Project Manager
CPE		cpe:2.3:a:fairsketch:rise_ultimate_project_manager:3.9.4:::::::*
References	~~() http://fairsketch.com -~~	() http://fairsketch.com - Product
References	~~() https://medium.com/@barrattjack89/cve-2025-63293-insecure-permissions-in-rise-crm-3-9-4-452c88c24195 -~~	() https://medium.com/@barrattjack89/cve-2025-63293-insecure-permissions-in-rise-crm-3-9-4-452c88c24195 - Exploit, Third Party Advisory

03 Nov 2025, 21:19

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-11-03 21:19

Updated : 2025-11-14 18:32

NVD link : CVE-2025-63293

Mitre link : CVE-2025-63293

CVE.ORG link : CVE-2025-63293

JSON object : View

Products Affected

fairsketch

rise_ultimate_project_manager

CWE

CWE-862

Missing Authorization

6.5 /10