CVE-2025-64751
BaseFortify
Publication date: 2025-11-21
Last updated on: 2025-12-31
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| openfga | helm_charts | From 0.1.34 (inc) to 0.2.49 (exc) |
| openfga | openfga | From 1.4.0 (inc) to 1.11.1 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-285 | The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in OpenFGA versions 1.4.0 to 1.11.0 involves improper policy enforcement when certain Check and ListObject calls are executed. This means that the authorization engine may not correctly enforce access control policies, potentially allowing unauthorized access or actions. The issue has been fixed in version 1.11.1.
How can this vulnerability impact me? :
The vulnerability can lead to improper enforcement of authorization policies, which may allow users to access resources or perform actions they are not permitted to. This can compromise the security of applications relying on OpenFGA for permission management.
What immediate steps should I take to mitigate this vulnerability?
Upgrade OpenFGA to version 1.11.1 or later, as this version contains the patch for the improper policy enforcement vulnerability.