{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T17:40:21.684","vulnerabilities":[{"cve":{"id":"CVE-2025-48869","sourceIdentifier":"security-advisories@github.com","published":"2025-09-24T18:15:37.677","lastModified":"2025-09-29T14:05:30.127","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Horilla is a free and open source Human Resource Management System (HRMS). Unauthenticated users can access uploaded resume files in Horilla 1.3.0 by directly guessing or predicting file URLs. These files are stored in a publicly accessible directory, allowing attackers to retrieve sensitive candidate information without authentication. At time of publication there is no known patch."},{"lang":"es","value":"Horilla es un Sistema de Gestión de Recursos Humanos (HRMS) gratuito y de código abierto. Usuarios no autenticados pueden acceder a archivos de currículum vitae subidos en Horilla 1.3.0 adivinando o prediciendo directamente las URL de los archivos. Estos archivos se almacenan en un directorio de acceso público, lo que permite a los atacantes recuperar información sensible de los candidatos sin autenticación. \nEn el momento de la publicación, no existe un parche conocido."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:horilla:horilla:1.3:*:*:*:*:*:*:*","matchCriteriaId":"FB689BA6-40B8-4E5F-AEB4-6DCB6C76A651"}]}]}],"references":[{"url":"https://github.com/horilla-opensource/horilla/security/advisories/GHSA-99h5-x29f-727w","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]}]}}]}