The vulnerability identified as CVE-2025-24600 affects the RSVPMarker plugin by davidfcarr, specifically versions up to 11.4.5. It is classified as a missing authorization issue, meaning that the software fails to properly verify whether a user has the necessary permissions before allowing certain operations. The CVSS 3.1 base score is 5.3, with vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N, indicating network attack vector, low attack complexity, no privileges or user interaction required, unchanged scope, no confidentiality or availability impact, but some integrity impact. No patch or official remediation information is currently available, and no exploits have been observed in the wild.

The vulnerability allows unauthorized users to perform actions that should require authorization, potentially leading to integrity issues within the affected system. However, there is no impact on confidentiality or availability reported. The medium CVSS score reflects a moderate risk level due to the integrity impact without requiring privileges or user interaction.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should monitor for updates from the vendor and consider restricting access to the affected plugin where possible to reduce exposure.