CVE-2025-62966 is a Missing Authorization vulnerability identified in Apiki's GoCache product, specifically affecting versions up to and including 1.3.6. The root cause is incorrectly configured access control security levels within the GoCache CDN system, which allows attackers with limited privileges (PR:L) to bypass authorization checks remotely (AV:N) without requiring user interaction (UI:N). This misconfiguration can lead to unauthorized access to cached content or administrative functions, potentially exposing sensitive data or enabling unauthorized modifications. The vulnerability does not affect system availability but impacts confidentiality and integrity. The CVSS 3.1 base score is 5.4 (medium), reflecting the low attack complexity (AC:L) but the requirement for some privileges. No known exploits have been reported in the wild, and no official patches have been linked yet, indicating that the vulnerability is newly published and may require immediate attention from organizations using GoCache. The issue highlights the importance of proper access control implementation in CDN products, as misconfigurations can expose critical web infrastructure components to unauthorized users.

For European organizations, this vulnerability poses a risk of unauthorized disclosure of cached web content and potential unauthorized changes to cache configurations or data integrity. Organizations relying on Apiki GoCache for content delivery may face data leakage or manipulation risks, which can undermine customer trust and violate data protection regulations such as GDPR. Although availability is not impacted, the confidentiality and integrity breaches could lead to reputational damage and compliance issues. Attackers with limited privileges, such as lower-level users or compromised accounts, could exploit this vulnerability remotely, increasing the threat surface. The lack of known exploits currently reduces immediate risk, but the presence of a publicly known vulnerability may attract attackers targeting European CDN infrastructure or web services using GoCache.

1. Immediately review and audit all access control configurations within Apiki GoCache instances to ensure strict authorization enforcement, especially for administrative and sensitive functions. 2. Restrict access to GoCache management interfaces and APIs to trusted IP ranges and authenticated users with the minimum necessary privileges. 3. Monitor logs and network traffic for unusual access patterns or unauthorized attempts to access restricted resources. 4. Engage with Apiki for updates and apply security patches promptly once released. 5. Consider implementing additional network segmentation and multi-factor authentication for GoCache administrative access. 6. Conduct regular security assessments and penetration tests focusing on access control mechanisms within CDN infrastructure. 7. Educate relevant IT and security staff about this vulnerability and the importance of proper access control configurations.