This vulnerability (CVE-2025-39536) in Chimpstudio JobHunt Job Alerts is classified as CWE-862 (Missing Authorization). It allows attackers to bypass access control mechanisms due to incorrectly configured security levels, potentially leading to unauthorized modification or disruption of service. The issue affects versions up to 3.6. The CVSS 3.1 base score is 8.2, with network attack vector, low attack complexity, no privileges or user interaction required, unchanged scope, no confidentiality impact, low integrity impact, and high availability impact. No patch or vendor advisory is currently available, and the product is not a cloud service.

The vulnerability allows unauthorized users to perform actions that can degrade the integrity and availability of the JobHunt Job Alerts system. While confidentiality is not impacted, the ability to alter or disrupt service without authorization poses a high risk to system reliability and trustworthiness. No known exploits have been reported, so active exploitation is not confirmed.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official patch or fix is currently available and the product is not cloud-hosted, users should monitor vendor communications closely for updates. Until a fix is released, consider restricting access to the affected system components and reviewing access control configurations to mitigate unauthorized access risks.