CVE-2025-24365

High CVSS: 8.1

vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. Attacker can obtain owner rights of other organization. Hacker should know the ID of victim organization (in real case the user can be a part of the organization as an unprivileged user) and be the owner/admin of other organization (by default you can create your own organization) in order to attack. This vulnerability is fixed in 1.33.0.

Vendor

Dani-garcia

Product

Vaultwarden

CWE

CWE-284

Yayın Tarihi

2025-01-27 18:15:41

Güncelleme

2025-08-20 13:56:46

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-284 Vaultwarden HIGH Dani-garcia 2025

Referanslar

https://github.com/dani-garcia/vaultwarden/releases/tag/1.33.0 https://github.com/dani-garcia/vaultwarden/security/advisories/GHSA-j4h8-vch3-f797

Benzer Kayıtlar

High

CVE-2026-27802

Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. Prior to versi…

High

CVE-2026-27803

Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. Prior to versi…

Medium

CVE-2026-27898

Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. Prior to versi…

Medium

CVE-2026-27801

Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. Vaultwarden ve…

Medium

CVE-2026-26012

vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. Prior to 1.35.…

High

CVE-2025-24364

vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. Attacker with…