CVE-2025-26965

Summary

CVE-2025-26965 is a newly disclosed vulnerability that affects the Amelia booking system. This issue is classified as an Authorization Bypass vulnerability, which allows unauthorized access to protected functionalities. The root cause lies in the user-controlled key functionality, which can be exploited if access control security levels are incorrectly configured. Amelia versions from n/a through 1.2.16 are reportedly affected by this vulnerability. Successful exploitation could result in significant data exposure or unauthorized modifications. System administrators are advised to promptly apply the necessary security patches to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.