CVE-2025-54461

Summary

ChatLuck contains an insufficient granularity of access control vulnerability in Invitation of Guest Users. If exploited, an uninvited guest user may register itself as a guest user.

Affected Software

VendorProductVersion RangeStatus
NEOJAPAN Inc.ChatLuckV6.6 R2.0 and earlieraffected

Weaknesses

  • CWE-1220: Insufficient Granularity of Access Control

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References