CVE-2025-62516 – Landlord Onboarding & Rental Signup Unauthorized Access Vulnerability in TurboTenant Stripe Integration

CVE ID : CVE-2025-62516

Published : Oct. 27, 2025, 8:15 p.m. | 29 minutes ago

Description : Landlord Onboarding & Rental Signup introduces the landlord onboarding workflow and rental signup system for VivaTurbo Rentals & Property Services. In 2.0.0 and earlier, a vulnerability was identified in the TurboTenant property listing activation workflow that could allow unauthorized access to certain Stripe payment session data. This could potentially expose sensitive business metadata, including landlord dashboard sync details and tenant information. The issue affects the API endpoints handling the property listing activation, subscription metadata, and payment link generation.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…