CVE-2025-54599
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-02

Last updated on: 2025-09-10

Assigner: MITRE

Description
The Bevy Event service through 2025-07-22, as used for eBay Seller Events and other activities, allows account takeover, if SSO is used, when a victim changes the email address that they have configured. To exploit this, an attacker would create their own account and perform an SSO login. The root cause of the issue is SSO misconfiguration.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-02
Last Modified
2025-09-10
Generated
2026-06-16
AI Q&A
2025-09-02
EPSS Evaluated
2026-06-14
NVD
CVE-2025-54599
EUVD
EUVD-2025-26449
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
bevy events_and_groups to 2025-07-22 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-284 The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in the Bevy Event service involves a misconfiguration of Single Sign-On (SSO) that allows an attacker to take over a victim's account. When a user changes their email address within Bevy CMS, this change is not synchronized with the main domain's identity provider. An attacker can exploit this by creating an SSO account with the updated email address that the victim set in Bevy CMS but which the identity provider still associates with the old email. This discrepancy enables the attacker to hijack the victim's account without user interaction. [1]

Impact Analysis

The vulnerability can lead to unauthorized account takeover, allowing attackers to gain access to sensitive or privileged data within Bevy CMS instances that use SSO. Depending on the victim's role, this could include access to internal communications, event data, or administrative interfaces, potentially compromising the security and privacy of the affected system. [1]

Detection Guidance

Detection of this vulnerability involves monitoring for discrepancies between email addresses in Bevy CMS and the identity provider used for SSO. Specifically, look for users who have changed their email address in Bevy CMS but whose email remains unchanged in the identity provider. Commands or scripts would need to query both Bevy CMS user data and the identity provider's user records to identify mismatches. Since no specific detection commands are provided, a recommended approach is to audit user email synchronization between Bevy CMS and the identity provider regularly. [1]

Mitigation Strategies

Immediate mitigation steps include disabling the ability for users to change their email address within Bevy CMS until a fix is available, or ensuring that any email address changes in Bevy CMS are synchronized immediately with the identity provider to prevent mismatches. Additionally, review and correct the SSO configuration to ensure proper synchronization of user identity attributes. Monitoring for suspicious account activity related to email changes is also advised. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-54599. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart