
We found results for “”
CVE-2025-57817
Good to know:


Date: September 8, 2025
Fides is an open-source privacy engineering platform. Prior to version 2.69.1, the OAuth client creation and update endpoints of the Fides Webserver API do not properly authorize scope assignment. This allows highly privileged users with "client:create" or "client:update" permissions to escalate their privileges to owner-level. Version 2.69.1 fixes the issue. No known workarounds are available.
Severity Score
Related Resources (6)
Severity Score
Weakness Type (CWE)
Missing Authorization
CWE-862Top Fix

CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | HIGH |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | HIGH |
Integrity (I): | HIGH |
Availability (A): | LOW |