CVE-2025-8791
BaseFortify
Publication date: 2025-08-10
Last updated on: 2026-04-29
Assigner: VulDB
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| litmuschaos | litmus | up to and including 3.19.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-266 | A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor. |
| CWE-285 | The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-8791 is an improper authorization vulnerability (CWE-285, with CWE-266 incorrect privilege assignment) in LitmusChaos Litmus up to and including version 3.19.0, rated critical by the assigner. It lies in the /auth/list_projects API endpoint, which accepts a client-supplied 'role' argument and acts on it instead of deriving the caller's role from the project membership recorded on the server. A low-privileged user, for example one holding only the Viewer role on a project, can therefore present the Owner role and be treated as an Owner, gaining access to actions that the stored membership does not grant. The attack is performed remotely by an authenticated user of the Litmus instance. [1, 2]
How can this vulnerability impact me?
An attacker who already has a low-privileged Litmus account can escalate to Owner on project resources, and an Owner can read, modify or delete project data and configuration, including the chaos experiments that Litmus runs against your infrastructure. That affects the confidentiality, integrity and availability of the project and, indirectly, of the targets those experiments act on: unauthorized changes, disruption of chaos workflows, or exposure of project data. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection centres on requests to /auth/list_projects that carry a 'role' argument at all. A legitimate client has no reason to tell the server which role it holds, so the presence of the parameter, and in particular an elevated value such as Owner sent by an account that is only a Viewer, is the indicator. Review the logs of whatever fronts the /auth endpoints (ingress or reverse proxy, web server, and the Litmus component itself) and compare any client-supplied role against the role actually recorded in the project's membership. To check your own deployment, issue the request with a low-privileged token and an elevated role value and see whether the response or the user's effective permissions reflect it; the query-string encoding and the bearer-token header below are assumptions, since the page does not state where the argument is passed: curl -s -H 'Authorization: Bearer <viewer-token>' 'https://<target>/auth/list_projects?role=Owner'. For historical logs, a first pass such as grep 'list_projects.*role=' <access-log> lists the requests worth examining. [1, 2]
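The comparison described above, written out as an added example (not code from the page or from the Litmus project): it scans constructed access-log lines for /auth/list_projects requests that carry a role parameter and flags any whose requested role exceeds the role recorded for that user in an assumed membership snapshot. The log format, the membership map and the role ordering are all assumptions made for the example; point the parser at your proxy's real format and populate the snapshot from your own project membership data.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// Constructed sample log lines, shape "<user> <method> <path-with-query> <status>".
// They are made up for this example, not real Litmus or proxy logs.
var sampleLog = []string{
	"alice GET /auth/list_projects 200",
	"bob GET /auth/list_projects?role=Viewer 200",
	"bob GET /auth/list_projects?role=Owner 200",
	"carol POST /auth/update_project_name 200",
	"mallory GET /auth/list_projects?role=Owner 200",
}

// Assumed authoritative membership snapshot: user -> highest role actually granted.
var memberRole = map[string]string{
	"alice": "Owner",
	"bob":   "Viewer",
	"carol": "Editor",
}

// rank orders roles so a requested role can be compared with the granted one.
// Unknown role names rank 0.
var rank = map[string]int{"Viewer": 1, "Editor": 2, "Owner": 3}

// Finding records one request whose client-supplied role is not justified
// by the membership snapshot.
type Finding struct {
	User, Requested, Granted string
}

// FlagRoleManipulation returns one finding per /auth/list_projects request that
// carries a role parameter above the user's recorded role, or that comes from a
// user absent from the snapshot altogether. Requests without a role parameter
// are ignored: only the client-supplied value is the indicator.
func FlagRoleManipulation(lines []string) []Finding {
	var out []Finding
	for _, line := range lines {
		f := strings.Fields(line)
		if len(f) < 3 {
			continue
		}
		user, target := f[0], f[2]
		u, err := url.Parse(target)
		if err != nil || u.Path != "/auth/list_projects" {
			continue
		}
		requested := u.Query().Get("role")
		if requested == "" {
			continue
		}
		granted, known := memberRole[user]
		if !known || rank[requested] > rank[granted] {
			out = append(out, Finding{User: user, Requested: requested, Granted: granted})
		}
	}
	return out
}

func main() {
	for _, f := range FlagRoleManipulation(sampleLog) {
		fmt.Printf("suspicious: user=%s requested=%s granted=%q\n", f.User, f.Requested, f.Granted)
	}
}
```

On the constructed lines this reports bob (Viewer asking for Owner) and mallory (no recorded membership); bob's request for Viewer, alice's request with no role parameter, and carol's unrelated call are left alone.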
What immediate steps should I take to mitigate this vulnerability?
First check the vendor's release notes for a version later than 3.19.0 that addresses the /auth/list_projects authorization check and upgrade to it; at the time this page was written no official vendor response or fix was recorded. Until you can upgrade, reduce who can reach the endpoint at all: keep the Litmus control plane off the public internet, put it behind your usual authenticating proxy or VPN, and review the accounts that exist on the instance, since only an authenticated user can exploit the issue. Audit project membership for Owner roles that nobody granted, and log and alert on /auth/list_projects requests that carry a 'role' argument. Where you run a modified or vendored build, harden the handler itself so the effective role comes only from the server-side membership record and any client-supplied role is ignored. [1]
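The design point behind both the explanation and the hardening advice above, shown as an added example in Go (Litmus's implementation language) that is not the project's own code: a vulnerable handler that lets the client's role parameter decide what role it reports, beside a hardened one that ignores the parameter and uses only the server-side membership record. The data model, the `X-User` header standing in for the user identity the real auth server would take from a verified token, and the in-process `call` helper are all assumptions made for the example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Project is an assumed, minimal shape for what list_projects returns.
type Project struct {
	ID   string `json:"id"`
	Role string `json:"role"`
}

// membership is the server-side source of truth: user -> project -> granted role.
// Constructed sample data for this example.
var membership = map[string]map[string]string{
	"alice": {"proj-1": "Owner"},
	"bob":   {"proj-1": "Viewer"},
}

// identity stands in for the user ID a real auth server extracts from the
// verified session token; here it is read from an assumed X-User header.
func identity(r *http.Request) string { return r.Header.Get("X-User") }

// vulnerableListProjects trusts the client-supplied role: whatever the caller
// puts in ?role= becomes the role reported for every project, so a Viewer who
// asks for Owner is presented, and downstream treated, as an Owner.
func vulnerableListProjects(w http.ResponseWriter, r *http.Request) {
	user := identity(r)
	requested := r.URL.Query().Get("role") // attacker-controlled
	var out []Project
	for id, granted := range membership[user] {
		role := granted
		if requested != "" {
			role = requested // the bug: client input overrides the stored role
		}
		out = append(out, Project{ID: id, Role: role})
	}
	json.NewEncoder(w).Encode(out)
}

// hardenedListProjects never reads a role from the request. The role comes
// only from the membership record of the authenticated user; a user with no
// membership record is refused.
func hardenedListProjects(w http.ResponseWriter, r *http.Request) {
	projects, ok := membership[identity(r)]
	if !ok {
		http.Error(w, "forbidden", http.StatusForbidden)
		return
	}
	var out []Project
	for id, granted := range projects {
		out = append(out, Project{ID: id, Role: granted})
	}
	json.NewEncoder(w).Encode(out)
}

// call drives a handler in-process as the given user and returns the HTTP
// status and the role reported for proj-1 ("" if absent).
func call(h http.HandlerFunc, user, query string) (int, string) {
	req := httptest.NewRequest(http.MethodGet, "/auth/list_projects"+query, nil)
	req.Header.Set("X-User", user)
	rec := httptest.NewRecorder()
	h(rec, req)
	var projects []Project
	json.NewDecoder(rec.Body).Decode(&projects)
	for _, p := range projects {
		if p.ID == "proj-1" {
			return rec.Code, p.Role
		}
	}
	return rec.Code, ""
}

func main() {
	_, role := call(vulnerableListProjects, "bob", "?role=Owner")
	fmt.Println("vulnerable, bob asks for Owner:", role)
	_, role = call(hardenedListProjects, "bob", "?role=Owner")
	fmt.Println("hardened,   bob asks for Owner:", role)
}
```

Running it shows bob reported as Owner by the vulnerable handler and as Viewer by the hardened one; the hardened handler also answers 403 to a user with no membership record, whatever role they ask for. The general rule the example illustrates is that any attribute used for an authorization decision must be looked up from server-side state keyed on the authenticated identity, never accepted from the request.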