CVE-2025-24577: Missing Authorization in Ays Pro Poll Maker
Missing Authorization vulnerability in Ays Pro Poll Maker poll-maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Poll Maker: from n/a through <= 5.5.0.
AI Analysis
Technical Summary
This vulnerability in Ays Pro Poll Maker is due to missing authorization checks caused by incorrectly configured access control security levels. It affects versions up to 5.5.0 and allows unauthorized users to perform actions that can alter data integrity and availability. The CVSS vector indicates the attack can be performed remotely without privileges or user interaction, with low attack complexity. No confidentiality impact is noted.
Potential Impact
Exploitation of this vulnerability can lead to unauthorized modification of data and potential denial of service conditions within the affected Poll Maker application. There is no impact on confidentiality. The medium CVSS score reflects the potential for integrity and availability impacts without requiring user interaction or privileges.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, review and strengthen access control configurations to ensure proper authorization enforcement. Monitor for updates from the vendor regarding patches or official mitigations.
CVE-2025-24577: Missing Authorization in Ays Pro Poll Maker
Description
Missing Authorization vulnerability in Ays Pro Poll Maker poll-maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Poll Maker: from n/a through <= 5.5.0.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability in Ays Pro Poll Maker is due to missing authorization checks caused by incorrectly configured access control security levels. It affects versions up to 5.5.0 and allows unauthorized users to perform actions that can alter data integrity and availability. The CVSS vector indicates the attack can be performed remotely without privileges or user interaction, with low attack complexity. No confidentiality impact is noted.
Potential Impact
Exploitation of this vulnerability can lead to unauthorized modification of data and potential denial of service conditions within the affected Poll Maker application. There is no impact on confidentiality. The medium CVSS score reflects the potential for integrity and availability impacts without requiring user interaction or privileges.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, review and strengthen access control configurations to ensure proper authorization enforcement. Monitor for updates from the vendor regarding patches or official mitigations.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- Patchstack
- Date Reserved
- 2025-01-23T14:50:41.360Z
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 69cd7262e6bfc5ba1dee93b6
Added to database: 4/1/2026, 7:30:42 PM
Last enriched: 5/1/2026, 9:15:58 AM
Last updated: 5/21/2026, 11:55:41 PM
Views: 34
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.