CVE-2025-53709
BaseFortify

Publication date: 2025-07-10

Last updated on: 2025-07-15

Assigner: Palantir Technologies

Description
Secure-upload is a data submission service that validates single-use tokens when accepting submissions to channels. The service is installed only on a small number of environments. Under specific circumstances, privileged users of secure-upload could have selected email templates that were not necessarily created for their enrollment when sending data upload requests. Authenticated, privileged users of one enrollment could have abused an endpoint to redirect existing submission channels to a dataset they control. An endpoint handling domain validation allowed unauthenticated users to enumerate existing enrollments. Finally, other endpoints allowed enumerating whether a resource with a known RID exists across enrollments. The affected service has been patched in version 0.815.0, which has been automatically deployed to all Apollo-managed Foundry instances.
Affected Vendors & Products
Vendor | Product | Version / Range
palantir | secure-upload | 0.815.0
CWE ID | Description
CWE-285 | The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability affects the secure-upload service, which validates single-use tokens for data submissions. Privileged users could misuse the system by selecting email templates not intended for their enrollment and by redirecting submission channels to datasets they control, and unauthenticated users could enumerate existing enrollments and resources. These issues could lead to unauthorized data access or manipulation.


How can this vulnerability impact me?

The vulnerability could allow privileged users to manipulate data submissions and redirect channels to datasets they control, potentially leading to unauthorized data access or data integrity issues. Additionally, unauthenticated users could enumerate enrollments and resources, which may expose sensitive information about the system's structure or data.


What immediate steps should I take to mitigate this vulnerability?

The affected service has been patched in version 0.815.0, and this patch has been automatically deployed to all Apollo-managed Foundry instances. Immediate mitigation consists of ensuring that your secure-upload service is updated to version 0.815.0 or later.

