CVE-2025-65031: CWE-285: Improper Authorization in lukevella rallly
Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an improper authorization flaw in the comment creation endpoint allows authenticated users to impersonate any other user by altering the authorName field in the API request. This enables attackers to post comments under arbitrary usernames, including privileged ones such as administrators, potentially misleading other users and enabling phishing or social engineering attacks. This issue has been patched in version 4.5.4.
AI Analysis
Technical Summary
CVE-2025-65031 is a medium-severity improper authorization vulnerability (CWE-285) in Rallly, an open-source scheduling and collaboration platform. The comment creation endpoint accepts an authorName field from the client and stores it without checking that it matches the authenticated identity of the caller. An attacker with any valid account can therefore set authorName to an arbitrary username, including that of an administrator or other trusted user, and the resulting comment is displayed as if that user wrote it. The root cause is a classic authorization gap: the endpoint authenticates the caller but then trusts request data for an identity decision that should be derived server-side from the session. The flaw has no direct confidentiality impact, but it undermines the integrity of communications on the platform and can be used for social engineering, phishing, or misinformation by exploiting the trust users place in known names. It is remotely exploitable with low attack complexity and requires only an authenticated account; no further user interaction is needed. All versions prior to 4.5.4 are affected, and the issue is fixed in 4.5.4. No public exploit has been reported, but the abuse potential is significant where Rallly is used for organizational scheduling and decision-making.
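The pattern described above, as an added example that is not Rallly's code and does not reproduce its real handler: a minimal comment-creation function that stores the client-supplied authorName after authenticating the caller, next to a hardened version that derives the author from the session. The types Session, CreateCommentInput and PollComment, the in-memory store and the demo() helper are assumptions for illustration only.

```typescript
// Added example (not Rallly's code): a minimal comment-creation handler that
// reproduces the CWE-285 pattern behind CVE-2025-65031, next to a hardened
// version. Session, CreateCommentInput, PollComment and the in-memory store
// are assumptions for illustration, not Rallly's real types or API.

export interface Session {
  userId: string;
  userName: string;
  role: "user" | "admin";
}

export interface CreateCommentInput {
  pollId: string;
  content: string;
  authorName?: string; // display name sent by the client: the untrusted field
}

export interface PollComment {
  id: number;
  pollId: string;
  content: string;
  authorName: string; // what other users see as the comment's author
  userId: string;
}

const store: PollComment[] = [];
let nextId = 1;

// Vulnerable pattern: the caller is authenticated, but the identity shown on
// the comment is copied from the request body. Any logged-in user can claim
// to be "admin" (or anyone else) simply by setting authorName.
export function createCommentVulnerable(session: Session | null, input: CreateCommentInput): PollComment {
  if (session === null) throw new Error("UNAUTHORIZED");
  const comment: PollComment = {
    id: nextId++,
    pollId: input.pollId,
    content: input.content,
    authorName: input.authorName ?? session.userName, // client-controlled
    userId: session.userId,
  };
  store.push(comment);
  return comment;
}

// Hardened pattern: the displayed author is derived from the session only.
// A client-supplied authorName that disagrees with the session is treated as
// an impersonation attempt and rejected, which also yields a loggable event;
// silently ignoring the field would be the quieter alternative.
export function createCommentFixed(session: Session | null, input: CreateCommentInput): PollComment {
  if (session === null) throw new Error("UNAUTHORIZED");
  if (input.authorName !== undefined && input.authorName !== session.userName) {
    throw new Error(`FORBIDDEN: authorName "${input.authorName}" does not match session user "${session.userName}"`);
  }
  const comment: PollComment = {
    id: nextId++,
    pollId: input.pollId,
    content: input.content,
    authorName: session.userName, // server-side identity, never the body
    userId: session.userId,
  };
  store.push(comment);
  return comment;
}

// Runs the same forged request through both handlers and returns what each
// did: the author the vulnerable handler stored, and the fixed handler's outcome.
export function demo(): { vulnerableAuthor: string; fixedOutcome: string } {
  const mallory: Session = { userId: "u-42", userName: "mallory", role: "user" };
  const forged: CreateCommentInput = {
    pollId: "poll-1",
    content: "Please move the meeting to Friday and send the budget file to me.",
    authorName: "admin", // not mallory's name
  };
  const vulnerableAuthor = createCommentVulnerable(mallory, forged).authorName;
  let fixedOutcome = "";
  try {
    fixedOutcome = createCommentFixed(mallory, forged).authorName;
  } catch (e) {
    fixedOutcome = (e as Error).message;
  }
  return { vulnerableAuthor, fixedOutcome };
}
```

The point of the hardened version is that the identity decision never consults the request body: authentication answers "who is calling", and the comment's author is whatever that answer was. Rejecting a mismatched authorName rather than ignoring it is a design choice that turns each exploitation attempt into a visible failure you can alert on.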
Potential Impact
For European organizations, the risk is to the integrity of internal communication and collaboration rather than to data confidentiality. An attacker holding any valid account (a compromised or insider account, for instance) can post comments that appear to come from an administrator or another trusted colleague and use them to spread misleading information, steer scheduling decisions, or deliver targeted phishing lures inside a channel users already trust. Possible consequences are operational disruption, reputational damage, and compliance exposure, particularly in finance, healthcare, and government, where communications integrity and governance requirements are strict. Because Rallly is an open-source tool often adopted by SMEs and community organizations, the effect can be outsized for bodies that rely on it as their main coordination channel. The absence of a confidentiality impact rules out a direct data breach through this flaw alone, but the second-order harm from exploited trust can still be severe, and the low attack complexity and remote exploitability make abuse easy once credentials are available.
Mitigation Recommendations
Organizations running Rallly should upgrade to version 4.5.4 or later, which contains the fix for this authorization flaw. Until then, apply compensating controls with realistic expectations. Any authenticated user can exploit the bug, so restricting the comment creation endpoint only helps if it goes together with limiting who can hold an account at all. Add logging that records, for each comment submission, the authenticated session identity alongside the submitted authorName, and alert on every mismatch, escalating when the claimed name belongs to an administrator: a mismatch between the two is the exploit signature. Review access controls to keep the set of administrative accounts small, and enforce strong authentication to lower the chance that credentials reach an attacker in the first place. Tell users that author names on comments cannot be trusted until the instance is patched, and ask them to verify unusual requests through a second channel. A web application firewall can at most apply coarse rules (for example, blocking submissions whose authorName equals a known administrator name), because it does not know which user the session belongs to and so cannot decide whether a given authorName is legitimate; treat such rules as a stopgap, not a substitute for the upgrade.
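The mismatch-based monitoring recommended above, as an added example that is not part of this advisory or of Rallly: a small detector run over constructed application log lines. The JSON log format (fields ts, route, sessionUser, authorName, ip) is an assumption; Rallly does not necessarily emit these fields, so the application or reverse proxy would need to log them before this logic is useful.

```typescript
// Added example (not Rallly's code): detection logic for the impersonation
// pattern in CVE-2025-65031, run over constructed application log lines. The
// JSON log format (fields ts, route, sessionUser, authorName, ip) is an
// assumption: Rallly does not necessarily emit these fields, so you would add
// such logging at the application or reverse proxy before using this.

export interface CommentEvent {
  ts: string;
  route: string;
  sessionUser: string; // identity from the authenticated session
  authorName: string; // identity the client asked to display
  ip: string;
}

export interface Alert {
  ts: string;
  sessionUser: string;
  claimedAuthor: string;
  severity: "high" | "medium";
  reason: string;
}

// Constructed sample log: one legitimate comment, one plain mismatch, one
// mismatch that claims an administrator's name, one unrelated route, and one
// malformed line to show the parser does not abort on garbage.
export const SAMPLE_LOG = [
  '{"ts":"2025-11-20T09:01:12Z","route":"comment.create","sessionUser":"alice","authorName":"alice","ip":"10.0.0.5"}',
  '{"ts":"2025-11-20T09:02:40Z","route":"comment.create","sessionUser":"mallory","authorName":"bob","ip":"10.0.0.9"}',
  '{"ts":"2025-11-20T09:03:05Z","route":"comment.create","sessionUser":"mallory","authorName":"admin","ip":"10.0.0.9"}',
  '{"ts":"2025-11-20T09:03:30Z","route":"poll.vote","sessionUser":"mallory","authorName":"mallory","ip":"10.0.0.9"}',
  "not json at all",
].join("\n");

// Parse JSON lines, keeping only well-formed events and skipping the rest.
export function parseLog(text: string): CommentEvent[] {
  const events: CommentEvent[] = [];
  for (const line of text.split("\n")) {
    if (line.trim() === "") continue;
    try {
      const obj = JSON.parse(line);
      if (
        typeof obj.ts === "string" &&
        typeof obj.route === "string" &&
        typeof obj.sessionUser === "string" &&
        typeof obj.authorName === "string"
      ) {
        events.push(obj as CommentEvent);
      }
    } catch {
      // malformed line: ignore and keep going
    }
  }
  return events;
}

// Flag comment.create events whose claimed author differs from the session
// user; escalate when the claimed name belongs to a privileged account.
export function findImpersonation(events: CommentEvent[], privileged: Set<string>): Alert[] {
  const alerts: Alert[] = [];
  for (const e of events) {
    if (e.route !== "comment.create") continue;
    if (e.authorName === e.sessionUser) continue; // legitimate: names agree
    const privilegedTarget = privileged.has(e.authorName);
    alerts.push({
      ts: e.ts,
      sessionUser: e.sessionUser,
      claimedAuthor: e.authorName,
      severity: privilegedTarget ? "high" : "medium",
      reason: privilegedTarget
        ? "authorName differs from session user and names a privileged account"
        : "authorName differs from session user",
    });
  }
  return alerts;
}

// Usage: findImpersonation(parseLog(SAMPLE_LOG), new Set(["admin"]))
// yields two alerts from the sample above: mallory->bob (medium) and
// mallory->admin (high).
```

The rule is deliberately simple: the single condition "submitted authorName differs from the session identity" is the exploit signature, and the privileged-name set only changes priority, not detection. Without the session identity in the log the comparison is impossible, which is why the logging change has to come first.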
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Belgium
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-11-13T15:36:51.682Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 691e026793c808727dc91d64
Added to database: 11/19/2025, 5:46:15 PM
Last enriched: 11/26/2025, 6:07:29 PM
Last updated: 1/7/2026, 8:46:22 AM
Views: 46
Related Threats
- CVE-2025-15158: CWE-434 Unrestricted Upload of File with Dangerous Type in eastsidecode WP Enable WebP (High)
- CVE-2025-15018: CWE-639 Authorization Bypass Through User-Controlled Key in djanym Optional Email (Critical)
- CVE-2025-15000: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in tfrommen Page Keys (Medium)
- CVE-2025-14999: CWE-352 Cross-Site Request Forgery (CSRF) in kentothemes Latest Tabs (Medium)
- CVE-2025-13531: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in hayyatapps Stylish Order Form Builder (Medium)