Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2025-59036

Good to know:

icon
icon

Date: September 9, 2025

Infrahub offers a central hub to manage data, templates, and playbooks. Prior to versiond 1.3.9 and 1.4.5, a bug in the authentication logic will cause API tokens that were deleted and/or expired to be considered valid. This means that any API token that is associated with an active user account can authenticate successfully. This issue is fixed in versions 1.3.9 and 1.4.5. As a workaround, users can delete or deactivate the account associated with a deleted API token to prevent that token from authenticating.

Severity Score

Related Resources (8)

https://github.com/opsmill/infrahub/security/advisories/GHSA-v2p7-4pv4-3wwh
https://github.com/opsmill/infrahub
https://github.com/opsmill/infrahub/releases/tag/infrahub-v1.3.9
https://github.com/opsmill/infrahub/commit/61b49a4a9e988f10c3a44f0e86ef97f344a1e228
https://github.com/opsmill/infrahub/releases/tag/infrahub-v1.4.5
https://github.com/opsmill/infrahub/commit/215185f217e2f754f7c0a0aa4b77e11079a063a1
https://nvd.nist.gov/vuln/detail/CVE-2025-59036
https://www.mend.io/vulnerability-database/CVE-2025-59036

Severity Score

Weakness Type (CWE)

Improper Validation of Certificate Expiration

CWE-298

Top Fix

icon

Upgrade Version

Upgrade to version infrahub-server - 1.3.9;infrahub-server - 1.4.5;infrahub-server - 1.3.9;https://github.com/opsmill/infrahub.git - infrahub-v1.3.9;https://github.com/opsmill/infrahub.git - infrahub-v1.4.5

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): LOW
User Interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality (C): LOW
Integrity (I): LOW
Availability (A): LOW

Do you need more information?

Contact Us