First published: Wed May 14 2025
Rallly is an open-source scheduling and collaboration tool. Versions up to and including 3.22.1 of the application feature token-based authentication. When a user attempts to log in, they enter their email address and a 6-digit code is sent to that address to complete the authentication. A token consisting of only 6 digits has weak entropy, however, and coupled with the absence of any brute-force protection for the token, this makes it possible for an unauthenticated attacker who knows a valid email address to brute force the token within its 15-minute expiration window and take over the account associated with the targeted email address. All users of Rallly applications are affected: as long as an attacker knows the email address a user registered with, they can systematically take over that user's account. For the authentication mechanism to be safe, the token would need a complex, high-entropy value that cannot be brute-forced in a reasonable time, and ideally the /api/auth/callback/email endpoint would be rate limited to make brute-force attempts infeasible within the 15-minute window. At the time of publication, no patched versions are available.
Credit: security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Rallly | <=3.22.1 | |
CVE-2025-47781 is rated as a high severity vulnerability due to its potential exploitation affecting user authentication.
To fix CVE-2025-47781, upgrade to Rallly version 3.22.2 or later, which addresses the authentication flaw.
CVE-2025-47781 affects Rallly versions up to and including 3.22.1.
Yes, CVE-2025-47781 can be exploited remotely, allowing attackers to bypass authentication mechanisms.
Yes, CVE-2025-47781 is associated with an email-based authentication process that can be compromised.