CVE-2025-64751

Medium CVSS: 5.8

OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA v1.4.0 to v1.11.0 ( openfga-0.1.34 <= Helm chart <= openfga-0.2.48, v.1.4.0 <= docker <= v.1.11.0) are vulnerable to improper policy enforcement when certain Check and ListObject calls are executed. This issue has been patched in version 1.11.1.

Vendor

Openfga

Product

Helm Charts

CWE

CWE-285

Yayın Tarihi

2025-11-21 02:15:43

Güncelleme

2025-12-31 13:43:35

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-285 Helm Charts MEDIUM Openfga 2025

Referanslar

https://github.com/openfga/openfga/releases/tag/v1.11.1 https://github.com/openfga/openfga/security/advisories/GHSA-2c64-vmv2-hgfc

Benzer Kayıtlar

Medium

CVE-2026-24851

OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Z…

Medium

CVE-2025-55213

OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Z…

Medium

CVE-2025-48371

OpenFGA is an authorization/permission engine. OpenFGA versions 1.8.0 through 1.8.12 (corresponding to Helm chart openfg…

Medium

CVE-2025-25196

OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Z…

Medium

CVE-2024-56323

OpenFGA is an authorization/permission engine. IN OpenFGA v1.3.8 to v1.8.2 (Helm chart openfga-0.1.38 to openfga-0.2.19,…