CVE-2025-57817

High CVSS: 8.6

Fides is an open-source privacy engineering platform. Prior to version 2.69.1, the OAuth client creation and update endpoints of the Fides Webserver API do not properly authorize scope assignment. This allows highly privileged users with `client:create` or `client:update` permissions to escalate their privileges to owner-level. Version 2.69.1 fixes the issue. No known workarounds are available.

Vendor

Ethyca

Product

Fides

CWE

CWE-862

Yayın Tarihi

2025-09-08 22:15:33

Güncelleme

2025-09-10 18:41:28

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-862 Fides HIGH Ethyca 2025

Referanslar

https://github.com/ethyca/fides/commit/2ffd125e1089a09b84c27fb5279a05960cbf2452 https://github.com/ethyca/fides/releases/tag/2.69.1 https://github.com/ethyca/fides/security/advisories/GHSA-hjfh-p8f5-24wr

Benzer Kayıtlar

Low

CVE-2025-57766

Fides is an open-source privacy engineering platform. Prior to version 2.69.1, admin UI user password changes in Fides d…

Low

CVE-2025-57815

Fides is an open-source privacy engineering platform. Prior to version 2.69.1, the Fides Admin UI login endpoint relies…

Medium

CVE-2025-57816

Fides is an open-source privacy engineering platform. Prior to version 2.69.1, the Fides Webserver API's built-in IP-bas…