CVE-2025-8795
BaseFortify
Publication date: 2025-08-10
Last updated on: 2026-04-29
Assigner: VulDB
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| litmuschaos | litmus | up to 3.19.0 (inclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-266 | A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor. |
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-8795 is a broken access control vulnerability in LitmusChaos Litmus up to version 3.19.0. It occurs at the /auth/login endpoint where, after authentication, the server returns a list of project IDs and roles accessible to the user. This data is stored client-side and used by the frontend to control access. However, the backend does not verify if the user is authorized to access manipulated projectID values. An attacker can intercept and modify the projectID values in the login response to gain unauthorized access to other users' projects, leading to privilege escalation and exposure of internal project data. This vulnerability results from excessive trust in client-side data and lack of server-side access validation. [1]
How can this vulnerability impact me?
This vulnerability can allow an attacker to bypass access controls and gain unauthorized access to other users' projects within LitmusChaos. This leads to privilege escalation and exposure of confidential project data, impacting the confidentiality, integrity, and availability of the system. The attack can be initiated remotely and is easy to exploit, with a public proof-of-concept available. Since no mitigation or vendor response exists, affected users face significant risk of unauthorized data access and potential system compromise. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring and intercepting traffic to the /auth/login endpoint of LitmusChaos Litmus up to version 3.19.0. Specifically, you can capture and analyze the login response to check if the projectID argument is present and whether it can be manipulated to access unauthorized projects. Using tools like curl or intercepting proxies (e.g., Burp Suite or OWASP ZAP), you can send login requests and inspect or modify the projectID values in the response to test for improper access control. Example command to capture the login response: `curl -i -X POST https://<target>/auth/login -d '{"username":"user","password":"pass"}' -H 'Content-Type: application/json'`. Then, intercept and modify the projectID in the response to verify unauthorized access. [1, 2]
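A log-side complement to the traffic inspection described in the answer above, added here as an example and not taken from the advisory or from the Litmus project: given the backend's own membership table, flag project-scoped requests whose user is not a member of the requested project. A mismatch that the server answered with 200 is the signal that a projectID it should have refused was accepted; a mismatch answered with 403 shows the check working but is still worth keeping in view. The key=value log format, the `/api/projects/<id>/...` path layout, the user names and the project IDs are all constructed for this example and must be adapted to the logs actually produced by your deployment.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// AccessEvent is one project-scoped request reconstructed from a log line.
type AccessEvent struct {
	Timestamp string
	User      string
	ProjectID string
	Path      string
	Status    int
}

// Membership is the authoritative user -> set of project IDs table, taken
// from the backend's own records. Here it is a constructed in-memory map.
type Membership map[string]map[string]bool

// projectPath extracts the project ID from a project-scoped path. The
// /api/projects/<id>/... layout is an assumption made for this example, not
// the product's actual routing; adjust the pattern to the logs you have.
var projectPath = regexp.MustCompile(`^/api/projects/([^/?]+)`)

// parseAccessLog parses the constructed line format
//   <timestamp> user=<name> method=<m> path=<p> status=<n>
// and reports false for lines that are not project-scoped requests.
func parseAccessLog(line string) (AccessEvent, bool) {
	fields := strings.Fields(line)
	if len(fields) < 2 {
		return AccessEvent{}, false
	}
	ev := AccessEvent{Timestamp: fields[0]}
	for _, f := range fields[1:] {
		k, v, ok := strings.Cut(f, "=")
		if !ok {
			continue
		}
		switch k {
		case "user":
			ev.User = v
		case "path":
			ev.Path = v
		case "status":
			fmt.Sscanf(v, "%d", &ev.Status)
		}
	}
	m := projectPath.FindStringSubmatch(ev.Path)
	if m == nil || ev.User == "" {
		return AccessEvent{}, false
	}
	ev.ProjectID = m[1]
	return ev, true
}

// findUnauthorizedAccess returns every project-scoped request whose user is
// not recorded as a member of the requested project. Indexing a nil inner
// map yields false, so unknown users are flagged as well.
func findUnauthorizedAccess(lines []string, members Membership) []AccessEvent {
	var hits []AccessEvent
	for _, line := range lines {
		ev, ok := parseAccessLog(line)
		if !ok {
			continue
		}
		if !members[ev.User][ev.ProjectID] {
			hits = append(hits, ev)
		}
	}
	return hits
}

// Constructed sample data: bob is a member of proj-b only, yet one request
// for proj-a was answered with 200 and one for proj-c was refused.
var sampleLog = []string{
	"2025-08-10T12:00:01Z user=alice method=GET path=/api/projects/proj-a/experiments status=200",
	"2025-08-10T12:00:02Z user=bob method=GET path=/api/projects/proj-b/experiments status=200",
	"2025-08-10T12:00:03Z user=bob method=GET path=/api/projects/proj-a/experiments status=200",
	"2025-08-10T12:00:04Z user=bob method=GET path=/api/projects/proj-c/experiments status=403",
	"2025-08-10T12:00:05Z user=alice method=POST path=/auth/login status=200",
}

var sampleMembers = Membership{
	"alice": {"proj-a": true},
	"bob":   {"proj-b": true},
}

func main() {
	for _, ev := range findUnauthorizedAccess(sampleLog, sampleMembers) {
		verdict := "refused by backend"
		if ev.Status == 200 {
			verdict = "ACCEPTED by backend, investigate"
		}
		fmt.Printf("%s user=%s project=%s status=%d (%s)\n",
			ev.Timestamp, ev.User, ev.ProjectID, ev.Status, verdict)
	}
}
```

Run it against the constructed sample and two lines come back: bob's accepted request for proj-a and his refused request for proj-c; alice's login request is skipped because it is not project-scoped. The membership table is the piece that matters: it has to come from the server side, never from the project list that the login response hands to the client.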
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the vulnerable LitmusChaos Litmus versions (up to 3.19.0) by limiting network exposure, such as firewall rules or network segmentation. Since no vendor patch or fix is available and the vendor has not responded, users are advised to consider replacing the affected product with an alternative solution. Additionally, monitor for suspicious activity related to the /auth/login endpoint and avoid trusting client-side data for access control. Applying strict server-side validation of projectID parameters is necessary but requires code changes not currently available. [2]
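The server-side validation that the answers above call for, shown as an added Go example that is not LitmusChaos code: a handler that believes the projectID and role the client sends back (the flaw class described in the first answer) beside one that takes the role from the server's own membership table and refuses any projectID the authenticated user is not a member of. The ProjectMembership map, the X-User header standing in for the session identity, and the /api/project/open route are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// ProjectMembership is the server's own record of who may access which
// project and with which role: userID -> projectID -> role. In a real
// deployment this is the backend database; here it is a constructed map.
type ProjectMembership map[string]map[string]string

// ClientClaims mirrors the project ID and role the login response hands to
// the frontend. Once it round-trips through the client it is untrusted input.
type ClientClaims struct {
	ProjectID string `json:"projectID"`
	Role      string `json:"role"`
}

// authenticatedUser stands in for the identity established at login. The
// X-User header is an assumption for this example, not a product feature.
func authenticatedUser(r *http.Request) string { return r.Header.Get("X-User") }

// vulnerableHandler reproduces the flaw class: projectID and role are taken
// from the client-supplied body and the server's records are never consulted.
func vulnerableHandler(w http.ResponseWriter, r *http.Request) {
	var claims ClientClaims
	if err := json.NewDecoder(r.Body).Decode(&claims); err != nil {
		http.Error(w, "bad request", http.StatusBadRequest)
		return
	}
	// No membership check: whatever the client asserts is believed.
	fmt.Fprintf(w, "project %s opened as %s", claims.ProjectID, claims.Role)
}

// authorizeProject is the single server-side check that the project list and
// every project-scoped endpoint should pass through.
func authorizeProject(store ProjectMembership, userID, projectID string) (string, bool) {
	projects, known := store[userID]
	if !known {
		return "", false
	}
	role, member := projects[projectID]
	return role, member
}

// hardenedHandler decides server-side: the role comes from the membership
// table keyed by the authenticated user, and a projectID the user is not a
// member of is refused no matter what the client claims.
func hardenedHandler(store ProjectMembership) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		var claims ClientClaims
		if err := json.NewDecoder(r.Body).Decode(&claims); err != nil {
			http.Error(w, "bad request", http.StatusBadRequest)
			return
		}
		role, ok := authorizeProject(store, authenticatedUser(r), claims.ProjectID)
		if !ok {
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		// claims.Role is deliberately ignored; the server's role wins.
		fmt.Fprintf(w, "project %s opened as %s", claims.ProjectID, role)
	}
}

// exercise sends the same request (a projectID of the caller's choosing with
// a self-asserted Owner role) to both handlers and returns each HTTP status.
func exercise(store ProjectMembership, user, projectID string) (vulnerableStatus, hardenedStatus int) {
	body := fmt.Sprintf(`{"projectID":%q,"role":"Owner"}`, projectID)
	send := func(h http.Handler) int {
		req := httptest.NewRequest(http.MethodPost, "/api/project/open", strings.NewReader(body))
		req.Header.Set("X-User", user)
		rec := httptest.NewRecorder()
		h.ServeHTTP(rec, req)
		return rec.Code
	}
	return send(http.HandlerFunc(vulnerableHandler)), send(hardenedHandler(store))
}

func main() {
	store := ProjectMembership{
		"alice": {"proj-a": "Owner"},
		"bob":   {"proj-b": "Viewer"},
	}
	v, h := exercise(store, "bob", "proj-a")
	fmt.Printf("bob asking for proj-a: vulnerable=%d hardened=%d\n", v, h)
}
```

With bob (a member of proj-b only) asking for proj-a, the vulnerable handler answers 200 and the hardened one 403; alice, who is a member, gets 200 from both, with her role taken from the table rather than from the body. The point of the change is that the list returned at login becomes a convenience for the frontend only, while every access decision is re-derived on the server from the authenticated identity.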