CVE-2025-64753
BaseFortify
Publication date: 2025-11-13
Last updated on: 2025-11-20
Assigner: GitHub, Inc.
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| getgrist | grist-core | before 1.7.7 (1.7.7 excluded) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-863 | The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in grist-core versions prior to 1.7.7 allows a user with only partial read access to a document to access the /compare endpoint, which lists hashes for document versions and provides a full list of changes between versions. This means the user could see changes involving cells, columns, or tables they should not have permission to read. The issue was fixed in version 1.7.7 by restricting the /compare endpoint to users with full read access only.
How can this vulnerability impact me?
The vulnerability can lead to unauthorized disclosure of sensitive information within a document. Users with limited access could view changes and data they are not permitted to see, potentially exposing confidential or restricted information. This could compromise data confidentiality and privacy within the affected system.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability could negatively impact compliance with data protection standards such as GDPR and HIPAA because it allows unauthorized access to sensitive information. Exposing data to users without proper authorization may violate requirements for data confidentiality and access controls mandated by these regulations.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
You can detect this vulnerability by checking if your grist-core server version is prior to 1.7.7 and if the `/compare` endpoint is accessible to users with partial read access. There are no specific commands provided, but you can test access by attempting to access the `/compare` endpoint with a user having only partial read access to a document and observing if it returns version hashes and change lists that should be restricted.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include upgrading grist-core to version 1.7.7 or later, which restricts the `/compare` endpoint to users with full read access. As a workaround, you can remove sensitive document history using the `/states/remove` endpoint or block access to the `/compare` endpoint entirely.
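An added example (not from the advisory or the Grist project) for the detection and workaround answers above: it audits reverse-proxy access logs for successful requests to `/compare`, so that the users and documents it lists can be checked against each document's access rules. The log format, the `/docs/<docId>/compare` URL layout and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Combined-log-style line: client, user, request line, status (format is an assumption).
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
# Assumed URL layout: .../docs/<docId>/compare, optionally followed by /<otherDocId>.
COMPARE_RE = re.compile(r'/docs/(?P<doc>[^/?#]+)/compare(?:/[^/?#]+)?/?$')


def find_compare_hits(lines):
    """Return (user, client, doc, status) for every request to a /compare route."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        path = m["target"].split("?", 1)[0]  # drop the query string before matching
        c = COMPARE_RE.search(path)
        if c:
            hits.append((m["user"], m["client"], c["doc"], int(m["status"])))
    return hits


def successful_by_user(hits):
    """Count 2xx /compare responses per (user, doc): the pairs to review against access rules."""
    return Counter((u, d) for u, _, d, s in hits if 200 <= s < 300)


# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '203.0.113.7 - alice [13/Nov/2025:10:00:01 +0000] "GET /api/docs/docA/compare?q=1 HTTP/1.1" 200 5120',
    '203.0.113.9 - bob [13/Nov/2025:10:00:05 +0000] "GET /api/docs/docA/compare/docB HTTP/1.1" 200 812',
    '203.0.113.9 - bob [13/Nov/2025:10:00:09 +0000] "GET /api/docs/docA/compare HTTP/1.1" 403 64',
    '203.0.113.7 - alice [13/Nov/2025:10:01:00 +0000] "GET /api/docs/docA/tables/T1/records HTTP/1.1" 200 99',
    '203.0.113.8 - carol [13/Nov/2025:10:02:00 +0000] "GET /o/team/api/docs/docC/compare/ HTTP/1.1" 200 77',
]

if __name__ == "__main__":
    counts = successful_by_user(find_compare_hits(SAMPLE_LOG))
    for (user, doc), n in sorted(counts.items()):
        print(f"{user} fetched /compare for {doc} {n} time(s)")
```

After upgrading to 1.7.7 or blocking the endpoint, the same scan over fresh logs should show only non-2xx responses for users without full read access.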