CVE-2025-60103: CWE-862 Missing Authorization in CridioStudio ListingPro

Medium
Published: Fri Sep 26 2025 (09/26/2025, 08:31:23 UTC)
Source: CVE Database V5
Vendor/Project: CridioStudio
Product: ListingPro

Description

Missing Authorization vulnerability in CridioStudio ListingPro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ListingPro: from n/a through 2.9.8.

AI-Powered Analysis

Last updated: 09/27/2025, 00:21:39 UTC

Technical Analysis

CVE-2025-60103 is a medium-severity vulnerability classified under CWE-862 (Missing Authorization) affecting the ListingPro product developed by CridioStudio. Incorrectly configured access control security levels leave some operations without an authorization check. As a result, an attacker with limited privileges (PR:L, low privileges required) can perform unauthorized actions that impact the integrity and availability of the system. The vulnerability is remotely exploitable over the network (AV:N) and requires no user interaction (UI:N), which makes it easier to exploit. The CVSS v3.1 base score is 5.4, reflecting a moderate risk. The vulnerability affects ListingPro versions up to 2.9.8, though the exact affected versions are not fully enumerated. The vulnerability is newly disclosed as of September 26, 2025, and no patches or known exploits in the wild have been reported yet. The missing authorization means that certain operations or data listings within ListingPro can be accessed or manipulated by users who should not have the necessary permissions, potentially leading to unauthorized data modification or service disruption. Because ListingPro is a directory and listing management platform often used by businesses to manage online listings, this vulnerability could allow attackers to alter listings, disrupt service availability, or degrade data integrity within affected deployments.

Potential Impact

For European organizations using ListingPro, this vulnerability poses a risk to the integrity and availability of their online directory and listing services. Unauthorized modification of listings could lead to misinformation, reputational damage, and loss of customer trust. Availability impacts could disrupt business operations relying on ListingPro for customer engagement or service discovery. Since ListingPro is often used by small to medium enterprises and service providers, exploitation could affect a broad range of sectors including retail, hospitality, and professional services. The medium severity score indicates that while the vulnerability is not critical, it still represents a significant risk, especially if leveraged as part of a larger attack chain. Organizations in Europe that rely on ListingPro for customer-facing services may experience operational disruptions or data integrity issues if this vulnerability is exploited. The lack of known exploits in the wild currently reduces immediate risk, but the ease of exploitation (no user interaction, low privileges required) means attackers could develop exploits rapidly once the vulnerability is public knowledge.

Mitigation Recommendations

European organizations should immediately review and tighten access control configurations within ListingPro, ensuring that authorization checks are correctly implemented for all sensitive operations and data listings. Since no official patches are currently available, organizations should consider implementing compensating controls such as restricting network access to the ListingPro management interfaces to trusted IP addresses only and enforcing strict role-based access controls (RBAC) to minimize privilege exposure. Monitoring and logging access to critical functions within ListingPro should be enhanced to detect any unauthorized attempts promptly. Organizations should also prepare to apply patches or updates from CridioStudio as soon as they are released. Additionally, conducting a thorough audit of user privileges and removing unnecessary permissions can reduce the attack surface. For environments where ListingPro is exposed to the internet, deploying Web Application Firewalls (WAFs) with custom rules to detect anomalous access patterns related to authorization bypass attempts can provide an additional layer of defense.

Technical Details

Data Version: 5.1
Assigner Short Name: Patchstack
Date Reserved: 2025-09-25T15:20:16.564Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 68d72b6379aa5c9d0854f518

Added to database: 9/27/2025, 12:10:11 AM

Last enriched: 9/27/2025, 12:21:39 AM

Last updated: 9/27/2025, 1:06:00 AM
