CVE-2025-1007

In OpenVSX version v0.9.0 to v0.20.0, the 
/user/namespace/{namespace}/details API allows a user to edit all 
namespace details, even if the user is not a namespace Owner or 
Contributor. The details include: name, description, website, support 
link and social media links. The same issues existed in 
/user/namespace/{namespace}/details/logo and allowed a user to change 
the logo.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
UNKNOWN
---
eclipseCNA
---
---
CISA-ADPADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 18%
Common Weakness Enumeration
References
https://github.com/eclipse/openvsx/security/advisories/GHSA-wc7c-xq2f-qp4h