Home > Vulnerability Database > CVE-2025-65111

Mend.io Vulnerability Database

CVE-2025-65111

Good to know:

Date: November 21, 2025

SpiceDB is an open source database system for creating and managing security-critical application permissions. Prior to version 1.47.1, if a schema includes the following characteristics: permission defined in terms of a union (+) and that union references the same relation on both sides (but one side arrows to a different permission). Then SpiceDB may have missing LookupResources results when checking the permission. This only affects LookupResources; other APIs calculate permissionship correctly. The issue is fixed in version 1.47.1.

Severity Score

5.3

Related Resources (5)

Url: https://github.com/authzed/spicedb/commit/8c2edbe1e7bd3851fa2138f4cc344bfde986dcf2

Url: https://github.com/authzed/spicedb

Url: https://github.com/authzed/spicedb/security/advisories/GHSA-9m7r-g8hg-x3vr

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-65111

Url: https://www.mend.io/vulnerability-database/CVE-2025-65111

Severity Score

5.3

Weakness Type (CWE)

Insecure Inherited Permissions

CWE-277

Top Fix

Upgrade Version

Upgrade to version github.com/authzed/spicedb - v1.47.1

Learn More

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-65111

Good to know:

Date: November 21, 2025

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?