216.73.217.86

CVE-2025-55213

· Published 18/08/2025 20:15 · Modified 18/08/2025 20:16

Labels: CVE-2025-55213 2025-08-18CVE-2025-55213CWE-863[email protected]

Essential information

Published
18/08/2025 20:15
Modified
18/08/2025 20:16
Author
Creator
CVSS
5.8 MEDIUM (v3) 5.8 MEDIUM (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA v1.9.3 to v1.9.4 ( openfga-0.2.40 <= Helm chart <= openfga-0.2.41, v1.9.3 <= docker <= v.1.9.4) are vulnerable to improper policy enforcement when certain Check and ListObject calls are executed. This vulnerability is fixed in 1.9.5.

NVD status

Status
Awaiting Analysis — CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
openfga / openfga cpe:2.3:a:openfga:openfga:1.9.3-1.9.4:*:*:*:*:*:*:*
openfga / openfga cpe:2.3:a:openfga:openfga:1.9.5:*:*:*:*:*:*:*

References