Publish GHSA-pm3x-jrhh-qcr7

Author: advisory-database[bot]

advisories/github-reviewed/2025/11/GHSA-pm3x-jrhh-qcr7/GHSA-pm3x-jrhh-qcr7.json

@@ -1,14 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-pm3x-jrhh-qcr7",
-  "modified": "2025-11-13T22:58:20Z",
+  "modified": "2025-11-21T15:35:01Z",
   "published": "2025-11-13T22:58:20Z",
   "aliases": [
     "CVE-2025-64529"
   ],
   "summary": "SpiceDB WriteRelationships fails silently if payload is too big",
   "details": "### Impact\n\nUsers who:\n1. Use the exclusion operator somewhere in their authorization schema.\n1. Have configured their SpiceDB server such that `--write-relationships-max-updates-per-call` is bigger than 6500.\n1. Issue calls to WriteRelationships with a large enough number of updates that cause the payload to be bigger than what their datastore allows.\n\nUsers will:\n\n1. Receive a successful response from their `WriteRelationships` call, when in reality that call failed.\n2. Receive incorrect permission check results, if those relationships had to be read to resolve the relation involving the exclusion.\n\n### Patches\n\nUpgrade to v.145.2.\n\n### Workarounds\n\nSet `--write-relationships-max-updates-per-call` to `1000`.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U"