CVE-2025-67560 identifies a missing authorization vulnerability in Webilia Inc.'s Listdom software, affecting versions up to and including 5.0.1. The core issue stems from incorrectly configured access control security levels, allowing unauthenticated remote attackers to bypass authorization checks. This vulnerability enables attackers to access or manipulate data that should be restricted, impacting confidentiality and integrity but not availability. The CVSS 3.1 base score is 6.5, reflecting a network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), and unchanged scope (S:U). The confidentiality and integrity impacts are rated low, while availability remains unaffected. No known exploits have been reported in the wild, indicating limited current exploitation but potential for future attacks. The vulnerability is significant because it allows unauthorized access without authentication, increasing the risk surface. The lack of vendor patches at the time of publication necessitates immediate attention to access control configurations and monitoring. Organizations relying on Listdom for managing lists or sensitive data should prioritize assessment and mitigation to prevent unauthorized data exposure or modification.

For European organizations, this vulnerability poses a risk of unauthorized data access and limited data integrity compromise, which could lead to leakage of sensitive information or unauthorized changes to list data managed by Listdom. Sectors such as finance, healthcare, government, and critical infrastructure that may use Listdom for operational or administrative purposes could face confidentiality breaches impacting compliance with GDPR and other data protection regulations. Although availability is not affected, unauthorized access could undermine trust and operational security. The ease of exploitation without authentication and user interaction increases the likelihood of attacks if the vulnerability is not addressed promptly. The absence of known exploits currently reduces immediate risk but does not eliminate the threat, especially as attackers may develop exploits over time. Organizations with internet-facing Listdom instances are particularly vulnerable to remote exploitation attempts.

1. Immediately audit and review all access control configurations within Listdom to ensure proper authorization enforcement. 2. Restrict network access to Listdom instances by implementing firewall rules and network segmentation to limit exposure to untrusted networks. 3. Monitor logs and network traffic for unusual access patterns or unauthorized attempts to access Listdom resources. 4. Engage with Webilia Inc. for timely patch releases and apply security updates as soon as they become available. 5. Implement compensating controls such as multi-factor authentication (MFA) on management interfaces if supported. 6. Conduct regular security assessments and penetration testing focusing on access control mechanisms. 7. Educate system administrators and users about the risks of misconfigured access controls and the importance of following security best practices. 8. Consider deploying Web Application Firewalls (WAFs) to detect and block unauthorized access attempts targeting this vulnerability.