CVE-2025-65020 | lukevella rallly up to 4.5.3 polls.duplicate pollId improper authorization (GHSA-44w7-pf32-gv5m)

A vulnerability identified as critical has been detected in lukevella rallly up to 4.5.3. This issue affects some unknown processing of the file /api/trpc/polls.duplicate. Performing manipulation of the argument pollId results in improper authorization.

This vulnerability is known as CVE-2025-65020. Remote exploitation of the attack is possible. No exploit is available.

You should upgrade the affected component.VulDB Recent EntriesRead More