A security vulnerability has been identified in Obsidian Scheduler (version 5.0.0 through 6.3.0). The issue involves improper enforcement of access controls that may allow unauthorized access in certain configurations.

The vendor has acknowledged the issue and is tracking it internally. A patch is expected in an upcoming release.

This page will be updated with full technical details, impact assessment, and mitigation guidance once coordinated disclosure is complete and the vendor has released a fix.

Status: Vendor notified and patch expected in August 2025.
CVE: CVE-2025-56449
Disclosure timeline and details forthcoming.

Update 08/01/2025: Full write up with steps to reproduce.