PatchSiren cyber security CVE debrief
CVE-2025-68049 bunny.net CVE debrief
A Subscriber Broken Access Control vulnerability was discovered in bunny.net versions <= 2.3.6. This vulnerability has been assigned a CVSS score of 6.3, indicating a Medium severity level. The vulnerability was published on CVE.org and additional details can be found on NVD.
- Vendor: bunny.net
- Product: Unknown
- CVSS: MEDIUM 6.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-15
- Original CVE updated: 2026-06-15
- Advisory published: 2026-06-15
- Advisory updated: 2026-06-15
Who should care
Users of bunny.net plugin versions <= 2.3.6 should be aware of this vulnerability and take necessary actions to mitigate the risk.
Technical summary
The vulnerability is caused by a Broken Access Control issue in the bunny.net plugin, allowing unauthorized access to sensitive data. The Common Weakness Enumeration (CWE) entry for this vulnerability is CWE-862 (Missing Authorization).
Defensive priority
MEDIUM
Recommended defensive actions
- Update the bunny.net plugin to a version greater than 2.3.6.
- Refer to Patchstack for additional mitigation or vendor references.
Evidence notes
The CVE was published on 2026-06-15T21:16:38.190Z and modified on 2026-06-15T21:24:32.790Z. The CVSS vector for this vulnerability is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L.
Official resources
- CVE-2025-68049 CVE record (CVE.org)
- CVE-2025-68049 NVD detail (NVD)
- Source item URL (nvd_modified)
- Mitigation or vendor reference
This debrief was generated based on publicly available data from official sources.