CVE-2025-65031 is a medium-severity improper authorization vulnerability identified in the open-source scheduling and collaboration platform Rallly, affecting all versions prior to 4.5.4. The flaw resides in the comment creation endpoint of Rallly's API, where authenticated users can alter the authorName field arbitrarily. This lack of proper authorization checks allows an attacker to impersonate any user, including privileged accounts such as administrators, by forging the authorName in comments. While the vulnerability does not expose confidential data directly, it compromises the integrity of the platform by enabling attackers to post misleading or malicious comments under trusted usernames. This can facilitate phishing or social engineering attacks by deceiving users into trusting malicious content. Exploitation requires authentication but no additional user interaction, and the attack can be performed remotely over the network with low complexity. The vulnerability is tracked under CWE-285 (Improper Authorization) and CWE-639 (Authorization Bypass Through User-Controlled Key). The issue was publicly disclosed on November 19, 2025, and has been patched in Rallly version 4.5.4. No known exploits are currently reported in the wild. Organizations using vulnerable versions should prioritize updating to mitigate risks associated with impersonation and social engineering.

For European organizations, this vulnerability poses a significant risk to the integrity and trustworthiness of collaboration and scheduling communications. Attackers exploiting this flaw can impersonate administrators or other trusted users, potentially spreading misinformation, unauthorized instructions, or phishing links within organizational workflows. This can lead to operational disruptions, compromised decision-making, and increased susceptibility to social engineering attacks targeting employees. Public sector entities, educational institutions, and enterprises relying on Rallly for coordination may face reputational damage and internal confusion. Although confidentiality and availability are not directly impacted, the integrity breach can indirectly lead to broader security incidents if attackers leverage forged comments to escalate privileges or harvest credentials. The medium CVSS score reflects moderate risk but should be treated seriously given the potential for targeted deception and trust exploitation in collaborative environments.

European organizations should immediately upgrade all Rallly instances to version 4.5.4 or later, where the authorization flaw is patched. In addition to patching, administrators should audit comment logs and user activities for suspicious impersonation attempts, especially from accounts with elevated privileges. Implementing additional monitoring and alerting on unusual comment patterns or authorName changes can help detect exploitation attempts. Organizations should enforce strict authentication controls and consider multi-factor authentication to reduce the risk of compromised accounts being used to exploit this vulnerability. User training on recognizing phishing and social engineering attempts originating from internal collaboration tools is also recommended. If upgrading is temporarily not feasible, organizations can restrict comment creation API access to trusted users and networks, or deploy web application firewalls with custom rules to detect and block anomalous authorName field modifications.