CVE-2025-63562

MEDIUM

Summerpearlgroup Vacation Rental Management Platform < 1.0.2 - Improper Access Control

Title source: rule

Description

Summer Pearl Group Vacation Rental Management Platform prior to v1.0.2 suffers from insufficient server-side authorization. Authenticated attackers can call several endpoints and perform create/update/delete actions on resources owned by arbitrary users by manipulating request parameters (e.g., owner or resource id).

References (1)

Core 1

Core References

Third Party Advisory

https://github.com/Stolichnayer/Summer-Pearl-Group-Broken-Access-Control

View Writeup ZIP pw:eip

Scores

CVSS v3 6.3

EPSS 0.0005

EPSS Percentile 14.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-284

Status published

Products (1)

summerpearlgroup/vacation_rental_management_platform < 1.0.2

Published Oct 31, 2025

Tracked Since Feb 18, 2026