CVE-2025-61524
HIGH7.2EPSS 0.11%Casdoor is vulnerable to Improper Authorization
發布日:2025/10/8修改日:2025/11/5
描述
An issue in the permission verification module and organization/application editing interface in Casdoor before 2.63.0 allows remote authenticated administrators of any organization within the system to bypass the system's permission verification mechanism by directly concatenating URLs after login.
受影響套件(2)
- Go/github.com/casdoor/casdoorfrom 0, < 2.63.0
- Go/github.com/casdoor/casdoorfrom 0
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.2 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
參考連結(7)
- ADVISORYhttps://github.com/advisories/GHSA-5m9m-j5p7-m7f9
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2025-61524
- PATCHhttps://github.com/casdoor/casdoor
- WEBhttp://casdoor.com
- WEBhttps://gist.github.com/DevHjz/e75cea851d48e5f5478ac2a90757851a
- WEBhttps://github.com/casdoor/casdoor/commit/d883db907bb6e0b95737ef8e8b57b7da9078cbdd
- WEBhttps://github.com/casdoor/casdoor/releases/tag/v2.63.0