
CVE-2025-64753: CWE-863: Incorrect Authorization in gristlabs grist-core

Severity: Medium
Published: Thu Nov 13 2025 (11/13/2025, 21:46:00 UTC)
Source: CVE Database V5
Vendor/Project: gristlabs
Product: grist-core

Description

grist-core is a spreadsheet hosting server. Prior to version 1.7.7, a user with only partial read access to a document could still access endpoints listing hashes for versions of that document and receive a full list of changes between versions, even if those changes contained cells, columns, or tables to which the user was not supposed to have read access. This was fixed in version 1.7.7 by restricting the `/compare` endpoint to users with full read access. As a workaround, remove sensitive document history using the `/states/remove` endpoint. Another possibility is to block the `/compare` endpoint.

AI-Powered Analysis

Last updated: 11/13/2025, 22:05:23 UTC

Technical Analysis

CVE-2025-64753 is an incorrect authorization vulnerability (CWE-863) affecting grist-core, a spreadsheet hosting server used for collaborative document management. In versions prior to 1.7.7, users granted only partial read access to a document could still call the /compare API endpoint. This endpoint returns a list of hashes for document versions and detailed diffs of the changes between versions. Because the endpoint did not check that the caller held full read access, such users could view changes involving cells, columns, or tables outside their permitted scope, leading to unauthorized disclosure of sensitive data: a partial reader's effective data visibility was escalated beyond what the document's access rules granted. The vendor fixed this issue in version 1.7.7 by restricting /compare strictly to users with full read permissions. As a mitigation, administrators can remove sensitive document history using the /states/remove endpoint or block the /compare endpoint to prevent exploitation. The CVSS 3.1 score of 5.3 reflects a medium severity, with network attack vector, low attack complexity, low privileges required, no user interaction, and a high confidentiality impact but no integrity or availability impact. No public exploits have been reported, but the vulnerability could be leveraged by authenticated users with partial access to gain unauthorized data visibility.

Potential Impact

For European organizations using grist-core, this vulnerability poses a risk of unauthorized disclosure of sensitive spreadsheet data, potentially including confidential business information, financial data, or personal data protected under GDPR. Since the flaw allows users with limited read permissions to access full change histories, it could lead to exposure of information that was intentionally restricted, undermining data confidentiality and trust in document access controls. This could result in compliance violations, reputational damage, and potential legal consequences under European data protection regulations. The impact is particularly significant for sectors handling sensitive or regulated data such as finance, healthcare, legal, and government institutions. However, the vulnerability does not affect data integrity or availability, and exploitation requires at least partial document access, limiting the attack surface. Organizations relying on grist-core for collaborative workflows must assess their exposure and remediate promptly to prevent data leakage.

Mitigation Recommendations

European organizations should immediately upgrade grist-core to version 1.7.7 or later, where the vulnerability is fixed by enforcing full read access on the /compare endpoint. If immediate upgrading is not feasible, administrators should implement the following mitigations:

1. Use the /states/remove endpoint to delete sensitive document history that could be exposed via the /compare endpoint, thereby limiting the amount of sensitive data accessible.
2. Configure access controls or network-level rules to block or restrict access to the /compare endpoint entirely, preventing unauthorized queries.
3. Audit user permissions to ensure that only trusted users have partial or full read access, minimizing the risk of insider threats.
4. Monitor logs for unusual access patterns to the /compare endpoint or document version histories.
5. Educate users about the sensitivity of document version histories and enforce strict access policies.

These targeted mitigations go beyond generic advice by focusing on the specific vulnerable endpoint and document history management.
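As an added example (not code from the advisory or from the grist-core project) of the log-monitoring mitigation above: the script parses constructed access-log lines, picks out /compare requests, and flags successful ones made by users who only hold partial read access to that document. The /api/docs/<id>/compare path layout, the user names, document id and the access map are all assumptions for illustration.

```python
import re
from collections import Counter

# Constructed access log lines (combined log format): made-up users, document
# id and timestamps, not real Grist traffic.
SAMPLE_LOG = """\
10.0.0.5 - alice [13/Nov/2025:21:50:01 +0000] "GET /api/docs/doc1abc/compare?left=3&right=7 HTTP/1.1" 200 5120
10.0.0.6 - bob [13/Nov/2025:21:50:04 +0000] "GET /api/docs/doc1abc/compare?left=1&right=7 HTTP/1.1" 200 9813
10.0.0.7 - carol [13/Nov/2025:21:51:12 +0000] "GET /api/docs/doc1abc/records HTTP/1.1" 200 2200
10.0.0.6 - bob [13/Nov/2025:21:52:30 +0000] "GET /api/docs/doc1abc/compare?left=5&right=7 HTTP/1.1" 403 120
10.0.0.6 - bob [13/Nov/2025:21:53:01 +0000] "GET /api/docs/doc1abc/compare?left=6&right=7 HTTP/1.1" 200 7710
"""

# Constructed access map: "partial" means access rules hide some cells,
# columns or tables from that user; only "full" readers should reach /compare.
ACCESS = {("alice", "doc1abc"): "full", ("bob", "doc1abc"): "partial",
          ("carol", "doc1abc"): "partial"}

LOG_RE = re.compile(r'^\S+ \S+ (?P<user>\S+) \[[^\]]+\] "[A-Z]+ (?P<path>\S+) [^"]*" (?P<status>\d{3})')
# The /api/docs/<id>/ prefix is an assumption for illustration; the advisory
# names only the /compare endpoint itself.
COMPARE_RE = re.compile(r'^/api/docs/(?P<doc>[^/?]+)/compare(?:[/?]|$)')


def parse_compare_hit(line):
    """Return (user, doc, status) when the line is a /compare request, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    c = COMPARE_RE.match(m.group("path"))
    if not c:
        return None
    return m.group("user"), c.group("doc"), int(m.group("status"))


def find_partial_access_compares(log_text, access=ACCESS):
    """Count successful /compare calls by users without full read access.

    On a pre-1.7.7 server each such 200 response may have disclosed diffs over
    hidden data; on a patched server they should all be denied (non-200).
    """
    hits = Counter()
    for line in log_text.splitlines():
        rec = parse_compare_hit(line)
        if rec is None:
            continue
        user, doc, status = rec
        if status == 200 and access.get((user, doc)) != "full":
            hits[(user, doc)] += 1
    return dict(hits)
```

Run against the sample data, the only finding is bob on doc1abc (two successful /compare responses); alice's call is expected because she holds full read access, and bob's 403 is what a patched server should produce.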


Technical Details

Data Version: 5.2
Assigner Short Name: GitHub_M
Date Reserved: 2025-11-10T22:29:34.874Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 6916529405b975ba759276fe

Added to database: 11/13/2025, 9:50:12 PM

Last enriched: 11/13/2025, 10:05:23 PM

Last updated: 11/14/2025, 4:07:08 AM
