CVE-2025-57815
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-08

Last updated on: 2025-09-10

Assigner: GitHub, Inc.

Description
Fides is an open-source privacy engineering platform. Prior to version 2.69.1, the Fides Admin UI login endpoint relies on a general IP-based rate limit for all API traffic and lacks specific anti-automation controls designed to protect against brute-force attacks. This could allow attackers to conduct credential testing attacks, such as credential stuffing or password spraying, which poses a risk to accounts with weak or previously compromised passwords. Version 2.69.1 fixes the issue. For organizations with commercial Fides Enterprise licenses, configuring Single Sign-On (SSO) through an OIDC provider (like Azure, Google, or Okta) is an effective workaround. When OIDC SSO is enabled, username/password authentication can be disabled entirely, which eliminates this attack vector. This functionality is not available for Fides Open Source users.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-08
Last Modified
2025-09-10
Generated
2026-06-16
AI Q&A
2025-09-09
EPSS Evaluated
2026-06-14
NVD
CVE-2025-57815
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
ethyca fides to 2.69.1 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-307 The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability affects the Fides Admin UI login endpoint prior to version 2.69.1. The login endpoint uses a general IP-based rate limit for all API traffic but lacks specific anti-automation controls to prevent brute-force attacks. As a result, attackers can perform credential testing attacks such as credential stuffing or password spraying, targeting accounts with weak or compromised passwords. The issue is fixed in version 2.69.1, and for commercial Fides Enterprise users, enabling Single Sign-On (SSO) via an OIDC provider can eliminate this attack vector by disabling username/password authentication.

Impact Analysis

This vulnerability can allow attackers to perform automated credential testing attacks against your Fides Admin UI login, potentially leading to unauthorized access to accounts with weak or previously compromised passwords. This could result in account compromise and unauthorized actions within the platform.

Mitigation Strategies

To mitigate this vulnerability, immediately upgrade Fides to version 2.69.1 or later. For organizations with commercial Fides Enterprise licenses, configure Single Sign-On (SSO) through an OIDC provider such as Azure, Google, or Okta, and disable username/password authentication entirely to eliminate the attack vector. For Fides Open Source users, upgrading to the fixed version is the primary mitigation.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-57815. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart