CVE-2025-24591

Summary

CVE-2025-24591 is a Missing Authorization vulnerability affecting NinjaTeam's GDPR CCPA Compliance Support. This issue arises due to incorrectly configured access control security levels, enabling exploitation. The vulnerability exists in versions from n/a to 2.7.1 of the GDPR CCPA Compliance Support software. Successful exploitation could lead to unauthorized access or modification of sensitive data, posing a significant risk to organizations using the affected software. It is recommended that users upgrade to the latest version or implement additional security measures to mitigate this threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.