CVE-2025-58664 is a Missing Authorization vulnerability (CWE-862) identified in the Azizul Hasan Text To Speech (TTS) Accessibility software, affecting versions up to 1.9.20. This vulnerability arises due to improperly configured access control mechanisms, allowing users with limited privileges (PR:L - privileges required: low) to perform actions or access resources beyond their authorization scope without requiring any user interaction (UI:N). The vulnerability is remotely exploitable over the network (AV:N) and does not require elevated privileges or authentication beyond low-level access. The impact primarily affects the integrity of the system, as unauthorized users can modify or manipulate certain functionalities or data within the TTS application. Confidentiality and availability are not directly impacted. The CVSS v3.1 base score is 4.3, indicating a medium severity level. No known exploits are currently in the wild, and no patches have been published yet. The vulnerability highlights a failure in enforcing proper authorization checks, which could allow attackers to misuse TTS accessibility features, potentially leading to unauthorized modifications or misuse of the service. Given the nature of TTS accessibility tools, which are often integrated into assistive technologies or user interfaces, exploitation could disrupt user experience or lead to unauthorized control over speech output features.

For European organizations, this vulnerability could have several implications. Organizations relying on Azizul Hasan Text To Speech TTS Accessibility for assistive technologies, customer service automation, or accessibility compliance may face risks of unauthorized manipulation of speech output or related settings. This could degrade service quality, cause misinformation through altered speech synthesis, or violate accessibility regulations if the tool is used in public-facing or critical communication systems. While the confidentiality impact is low, integrity issues could undermine trust in automated communication systems. Additionally, organizations in sectors such as healthcare, education, or government that use TTS for accessibility may face compliance risks under EU regulations like the European Accessibility Act. The lack of user interaction requirement and remote exploitability increase the risk of automated attacks, especially in environments where the software is exposed to external networks. However, the medium severity and absence of known exploits suggest that immediate widespread impact is limited but should not be ignored.

Organizations should implement strict network segmentation and access controls to limit exposure of the TTS Accessibility software to only trusted users and systems. Monitoring and logging access to the TTS service can help detect anomalous activities indicative of exploitation attempts. Since no patches are currently available, applying compensating controls such as restricting the privileges of users who can access the TTS system is critical. Conducting a thorough review of authorization policies and configurations within the TTS software environment is recommended to identify and remediate misconfigurations. Additionally, organizations should prepare for patch deployment by establishing communication with the vendor or monitoring for updates. If feasible, consider temporary disabling or isolating the vulnerable TTS components until a fix is released. Finally, raising awareness among IT and security teams about this vulnerability will help ensure rapid response if exploitation attempts are detected.