Vulnerability Database

309,364

Total vulnerabilities in the database

CVE-2025-48070

Plane is open-source project management software. Versions prior to 0.23 have insecure permissions in UserSerializer that allows users to change fields that are meant to be read-only, such as email. This can lead to account takeover when chained with another vulnerability such as cross-site scripting (XSS). Version 0.23 fixes the issue.

Published: May 21, 2025
Updated: Nov 16, 2025
CVE: CVE-2025-48070
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 3.5
AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

CWEs:

CWE-276

Affected Software
References

Software	From	Fixed in
plane / plane	-	0.23.0

https://github.com/makeplane/plane/commit/0a8cc24da505fd519fcc3c9d6b5e15bc7ce21b29
https://github.com/makeplane/plane/security/advisories/GHSA-cjh4-q763-cc48

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo