CVE-2025-64012

Published December 16th, 2025

View on NVD ↗

CVSS v3

4.3

MEDIUM

CVSS v2

N/A

Affected

PROJECT

Description

InvoicePlane commit debb446c is vulnerable to Incorrect Access Control. The invoices/view handler fails to verify ownership before returning invoice data.

InvoicePlane/InvoicePlane

A self-hosted open source application for managing your invoices, clients and payments.

GitHub

3.06K