CVE Field Guide
CVE-2025-15626
PUBLISHED
Authenticated user can bypass authorization in Ribblr - Crochet & Knitting iOS application
Assigner: NCSC-FI
Reserved: 09.04.2026
Published: 27.04.2026
Updated: 27.04.2026
Metrics
CVSS 4.0
CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/AU:Y
CVSS Score: 5.3
Exploitability Metrics
Attack Vector: Network
Attack Complexity: Low
Attack Requirements: None
Privileges Required: Low
User Interaction: None
Vulnerable System Impact Metrics
Confidentiality: Low
Integrity: None
Availability: None
Subsequent System Impact Metrics
Confidentiality: None
Integrity: None
Availability: None
Product Status
Vendor: Ribblr
Product: Crochet and Knitting
Versions
Default: affected
Version 2.5 is affected
Credits
Aino Kivilahti (finder)
References
https://ribblr.com/
Problem Types
CWE-639 Authorization Bypass Through User-Controlled Key
Impacts
CAPEC-122 Privilege Abuse