CVE-2025-65034

8.1 HIGH

📋 TL;DR

An improper authorization vulnerability in Rallly allows any authenticated user to reopen finalized polls belonging to other users by manipulating the pollId parameter. This compromises poll data integrity and availability, affecting all Rallly instances running versions prior to 4.5.4.

💻 Affected Systems

Products:
  • Rallly
Versions: All versions prior to 4.5.4
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: All Rallly deployments with authenticated users are affected. Both self-hosted instances and cloud deployments are vulnerable.


⚠️ Risk & Real-World Impact

🔴 Worst Case

Malicious authenticated users could systematically reopen all finalized polls, causing widespread disruption to scheduled events, data corruption, and loss of trust in the platform.

🟠 Likely Case

Individual users reopening specific polls they shouldn't have access to, causing confusion and disruption for poll owners and participants.

🟢 If Mitigated

With proper access controls and monitoring, impact is limited to isolated incidents that can be quickly detected and rolled back.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access but is trivial: the attacker only has to change the pollId parameter in a request. No special tools or knowledge are needed.
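The root cause is an authorization check that stops at "is the caller logged in?" and trusts the client-supplied pollId. The following added illustration (not Rallly's own code; all names, types and the in-memory store are hypothetical) models a reopen-poll mutation first without, then with, the server-side ownership check that closes this class of bug:

```typescript
// Added illustration, not Rallly's code: a minimal in-memory model of a
// "reopen poll" mutation. All names here are hypothetical.
type Poll = { id: string; ownerId: string; status: "live" | "finalized" };
type Session = { userId: string };
type PollStore = Map<string, Poll>;

class AuthorizationError extends Error {}

// Constructed sample data: two finalized polls owned by different users.
function makeSamplePolls(): PollStore {
  return new Map<string, Poll>([
    ["p1", { id: "p1", ownerId: "alice", status: "finalized" }],
    ["p2", { id: "p2", ownerId: "bob", status: "finalized" }],
  ]);
}

// Vulnerable pattern: being logged in is the only gate. The client-supplied
// pollId is trusted, so any authenticated user can reopen anyone's poll.
function reopenPollVulnerable(session: Session, pollId: string, store: PollStore): Poll {
  if (!session.userId) throw new AuthorizationError("login required");
  const poll = store.get(pollId);
  if (!poll) throw new Error("poll not found");
  poll.status = "live";
  return poll;
}

// Hardened pattern: resolve the poll from server-side state and compare its
// stored owner with the session user before mutating anything. Not-found and
// not-owned raise the same error so the endpoint does not confirm whether a
// guessed pollId exists.
function reopenPollSecure(session: Session, pollId: string, store: PollStore): Poll {
  if (!session.userId) throw new AuthorizationError("login required");
  const poll = store.get(pollId);
  if (!poll || poll.ownerId !== session.userId) {
    throw new AuthorizationError("poll not found or not owned by caller");
  }
  poll.status = "live";
  return poll;
}
```

The same ownership comparison belongs on every mutation that takes a poll identifier (close, delete, edit), not only on reopen.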

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.5.4

Vendor Advisory: https://github.com/lukevella/rallly/security/advisories/GHSA-5fp2-pv2j-rqpc

Restart Required: Yes

Instructions:

1. Back up your Rallly instance.
2. Update to version 4.5.4 using your deployment method (Docker, npm, etc.).
3. Restart the application.
4. Verify the update was successful.

🔧 Temporary Workarounds

Temporary Access Restriction (applies to: all)

Limit authenticated user access to trusted individuals only while the permanent fix is planned.

Enhanced Monitoring (applies to: all)

Monitor for poll reopening events and alert on suspicious activity.

🧯 If You Can't Patch

  • Implement strict access controls and limit user permissions to only necessary functions
  • Deploy WAF rules to detect and block pollId parameter manipulation attempts

🔍 How to Verify

Check if Vulnerable:

Check the Rallly version: if it is below 4.5.4, you are vulnerable. To confirm, use two test accounts you control on a non-production instance: while authenticated as one, attempt to reopen a finalized poll owned by the other.

Check Version:

Check the version in package.json, run 'npm list rallly' if installed via npm, or check the Docker image tag if containerized.

Verify Fix Applied:

After updating to 4.5.4, repeat the same test (attempt to reopen a finalized poll belonging to another user). The request should now fail with an authorization error and the poll's status should remain unchanged.

📡 Detection & Monitoring

Log Indicators:

  • Multiple poll reopen events from same user
  • Poll reopen events for polls not owned by the user
  • Rapid succession of poll status changes

Network Indicators:

  • POST/PUT requests to poll endpoints with modified pollId parameters
  • Unusual pattern of poll modification requests

SIEM Query:

source="rallly" AND (event="poll_reopened" OR event="poll_modified") | stats count by user_id, poll_id
