CVE-2025-57817
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-08

Last updated on: 2025-09-10

Assigner: GitHub, Inc.

Description
Fides is an open-source privacy engineering platform. Prior to version 2.69.1, the OAuth client creation and update endpoints of the Fides Webserver API do not properly authorize scope assignment. This allows highly privileged users with `client:create` or `client:update` permissions to escalate their privileges to owner-level. Version 2.69.1 fixes the issue. No known workarounds are available.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-08
Last Modified
2025-09-10
Generated
2026-06-16
AI Q&A
2025-09-09
EPSS Evaluated
2026-06-15
NVD
CVE-2025-57817
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
ethyca fides to 2.69.1 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in Fides, an open-source privacy engineering platform, involves improper authorization in the OAuth client creation and update endpoints of the Fides Webserver API prior to version 2.69.1. Specifically, users with high-level permissions to create or update clients can escalate their privileges to owner-level due to insufficient scope authorization checks.

Impact Analysis

The vulnerability allows highly privileged users to escalate their privileges to owner-level, potentially giving them full control over OAuth clients and associated data. This could lead to unauthorized access, modification, or misuse of sensitive information within the Fides platform.

Mitigation Strategies

Upgrade Fides to version 2.69.1 or later, as this version fixes the improper authorization issue in the OAuth client creation and update endpoints. There are no known workarounds available.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-57817. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart