Home > Vulnerability Database > CVE-2025-61524

Mend.io Vulnerability Database

CVE-2025-61524

Good to know:

Date: October 7, 2025

An issue in the permission verification module and organization/application editing interface in Casdoor v2.26.0 and before, and fixed in v.2.63.0, allows remote authenticated administrators of any organization within the system to bypass the system's permission verification mechanism by directly concatenating URLs after login

Severity Score

7.2

Related Resources (7)

Url: https://gist.github.com/DevHjz/e75cea851d48e5f5478ac2a90757851a

Url: https://github.com/casdoor/casdoor/releases/tag/v2.63.0

Url: https://github.com/casdoor/casdoor

Url: http://casdoor.com

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-61524

Url: https://github.com/casdoor/casdoor/commit/d883db907bb6e0b95737ef8e8b57b7da9078cbdd

Url: https://www.mend.io/vulnerability-database/CVE-2025-61524

Severity Score

7.2

Weakness Type (CWE)

Improper Authorization

CWE-285

Top Fix

Upgrade Version

Upgrade to version github.com/casdoor/casdoor - v2.26.0;github.com/casdoor/casdoor - v2.63.0

Learn More

CVSS v3.1

Base Score:	7.2
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-61524

Good to know:

Date: October 7, 2025

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?