CVE-2025-65032 is a medium-severity vulnerability classified under CWE-639 (Authorization Bypass Through User-Controlled Key) affecting Rallly, an open-source scheduling and collaboration platform. The flaw exists in versions prior to 4.5.4 and allows any authenticated user to change the display names of other poll participants without proper authorization. This is achieved by manipulating the participantId parameter in the rename request, which the application fails to properly validate against the user's permissions. The vulnerability is an example of an Insecure Direct Object Reference (IDOR), where direct access to internal objects (participant identifiers) is not sufficiently protected. Exploiting this flaw compromises data integrity by enabling unauthorized renaming, which can cause confusion, disrupt collaboration, and facilitate impersonation attacks. The attack vector is remote network-based, requiring only low complexity and no user interaction, but does require the attacker to be authenticated. The vulnerability does not impact confidentiality or availability but has a high impact on integrity. The issue was publicly disclosed on November 19, 2025, and fixed in Rallly version 4.5.4. No known exploits have been reported in the wild to date.

For European organizations using Rallly versions prior to 4.5.4, this vulnerability poses a risk to the integrity of collaborative scheduling data. Unauthorized renaming of participants can lead to confusion in meeting coordination, reduce trust among users, and potentially facilitate social engineering or impersonation attacks within organizations. While it does not directly expose sensitive data or disrupt service availability, the integrity compromise can degrade operational efficiency and cause reputational damage, especially in environments relying heavily on accurate participant identification for decision-making or compliance. Organizations in sectors with strict collaboration and audit requirements, such as finance, healthcare, and government, may face increased risks. The requirement for authentication limits exposure to internal or invited users, but insider threats or compromised accounts could exploit this flaw. The absence of known exploits suggests limited immediate risk, but the vulnerability should be addressed promptly to prevent future abuse.

European organizations should immediately upgrade Rallly installations to version 4.5.4 or later, where the vulnerability is patched. Until upgrading, implement strict access controls and monitoring on Rallly instances to detect unusual renaming activities. Limit user permissions to the minimum necessary and audit user accounts regularly to reduce the risk of compromised credentials. Employ network segmentation and restrict Rallly access to trusted users only. Consider implementing additional application-layer logging to track participant name changes and alert on unauthorized modifications. Educate users about the risks of impersonation and encourage reporting of suspicious behavior. If upgrading is not immediately feasible, deploy web application firewalls (WAFs) with custom rules to block requests manipulating the participantId parameter in unauthorized ways. Finally, review and enhance authentication mechanisms to prevent account compromise, as exploitation requires authenticated access.