CVE-2025-8793
BaseFortify

Publication date: 2025-08-10

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability classified as problematic was found in LitmusChaos Litmus up to 3.19.0. Affected by this vulnerability is an unknown functionality. The manipulation of the argument projectID leads to improper control of resource identifiers. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Meta Information
Generated: 2026-05-07
AI Q&A: 2025-08-10
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 1 associated CPE
Vendor: litmuschaos; Product: litmus; Version / Range: up to 3.19.0 (inclusive)
CWE-99: The product receives input from an upstream component, but it does not restrict or incorrectly restricts the input before it is used as an identifier for a resource that may be outside the intended sphere of control.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-8793 is a resource injection vulnerability in LitmusChaos Litmus versions up to 3.19.0. It occurs because the application does not properly validate the 'projectID' argument before using it as a resource identifier, so an attacker can supply an identifier for a project outside their intended scope. This can lead to unauthorized access to resources or data beyond what the caller is permitted to see. The vulnerability can be exploited remotely and affects confidentiality. [1, 2]


How can this vulnerability impact me?

This vulnerability can allow a low-privileged user to manipulate the 'projectID' parameter to access sensitive project data they are not authorized to view. This leads to unauthorized data exposure and a breach of confidentiality. Since the exploit is publicly available and the vendor has not provided any fixes or mitigations, affected users are at risk of remote exploitation. [1, 2]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

Detection can focus on monitoring API requests that carry the projectID parameter for unauthorized or unusual access patterns: for example, inspecting HTTP requests to LitmusChaos API endpoints for projectID values that do not match the projects the authenticated user is a member of. A request made with curl or wget using a projectID that the test account is not authorized for can confirm whether the check is enforced. Example command: curl -X GET "http://<litmuschaos-server>/api/projects?projectID=xyz789" -H "Authorization: Bearer <token>" to see if unauthorized project data is returned. Additionally, network monitoring tools can be used to flag requests whose projectID parameters have been altered. [1, 2]


What immediate steps should I take to mitigate this vulnerability?

Currently, there are no known patches or vendor-provided mitigations for this vulnerability. Immediate steps include restricting access to the affected LitmusChaos versions (up to 3.19.0), limiting network exposure of the service, and monitoring for exploitation attempts. Consider replacing the affected product with an alternative that does not have this vulnerability. Implement strict access controls and audit API usage to detect and prevent unauthorized projectID manipulation. [1]
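One way to carry out the log audit described in the detection and mitigation answers above, as an added example that is not part of the original page or of the Litmus project: it correlates each request's projectID with the caller's project memberships and flags successful requests to projects the caller does not belong to, plus callers that reached several foreign projects. The log format and the membership table are constructed for the example; a real deployment would feed its gateway or API access logs and its own project-membership data instead.

```python
import json
from collections import defaultdict
from urllib.parse import urlparse, parse_qs

# Constructed sample access log, one JSON record per request (not Litmus's own log format).
SAMPLE_LOG = """
{"user": "alice", "url": "/api/projects?projectID=proj-a1", "status": 200}
{"user": "alice", "url": "/api/projects?projectID=proj-b2", "status": 200}
{"user": "bob", "url": "/api/projects?projectID=proj-b2", "status": 200}
{"user": "bob", "url": "/api/projects?projectID=proj-a1", "status": 200}
{"user": "bob", "url": "/api/projects?projectID=proj-c3", "status": 200}
{"user": "bob", "url": "/api/projects?projectID=proj-d4", "status": 403}
{"user": "carol", "url": "/healthz", "status": 200}
"""

# Constructed membership table: the projects each user is authorised to read.
MEMBERSHIPS = {"alice": {"proj-a1"}, "bob": {"proj-b2"}, "carol": set()}


def project_id_of(url):
    """Return the projectID query parameter of a request URL, or None."""
    ids = parse_qs(urlparse(url).query).get("projectID")
    return ids[0] if ids else None


def find_violations(log_text, memberships):
    """Return (user, projectID) pairs for successful requests to a project
    outside the caller's membership set. Only 2xx responses are reported,
    since those show the server did not enforce the check; a user missing
    from the table is treated as having no memberships."""
    hits = []
    for line in log_text.strip().splitlines():
        rec = json.loads(line)
        pid = project_id_of(rec["url"])
        if pid is None or not 200 <= rec["status"] < 300:
            continue
        if pid not in memberships.get(rec["user"], set()):
            hits.append((rec["user"], pid))
    return hits


def enumerating_users(violations, threshold=2):
    """Users that reached at least `threshold` distinct foreign projects,
    the pattern an ID-guessing sweep leaves behind."""
    seen = defaultdict(set)
    for user, pid in violations:
        seen[user].add(pid)
    return sorted(u for u, ids in seen.items() if len(ids) >= threshold)
```

On the sample data, alice's read of proj-b2 and bob's reads of proj-a1 and proj-c3 are reported, bob's 403 on proj-d4 is not, and bob is the only caller that shows the multi-project sweep.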

