
Commit a8535de

1 parent a5e4809 commit a8535de


1 file changed

+30
-5
lines changed


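--- a/advisories/unreviewed/2025/10/GHSA-5m9m-j5p7-m7f9/GHSA-5m9m-j5p7-m7f9.json
+++ b/advisories/github-reviewed/2025/10/GHSA-5m9m-j5p7-m7f9/GHSA-5m9m-j5p7-m7f9.json
@@ -1,19 +1,40 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-5m9m-j5p7-m7f9",
-"modified": "2025-10-14T15:31:20Z",
+"modified": "2025-10-14T20:12:38Z",
 "published": "2025-10-08T21:30:34Z",
 "aliases": [
 "CVE-2025-61524"
 ],
-"details": "An issue in the permission verification module and organization/application editing interface in Casdoor before 2.26.0 allows remote authenticated administrators of any organization within the system to bypass the system's permission verification mechanism by directly concatenating URLs after login",
+"summary": "Casdoor is vulnerable to Improper Authorization",
+"details": "An issue in the permission verification module and organization/application editing interface in Casdoor before 2.63.0 allows remote authenticated administrators of any organization within the system to bypass the system's permission verification mechanism by directly concatenating URLs after login.",
 "severity": [
 {
 "type": "CVSS_V3",
 "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
 }
 ],
-"affected": [],
+"affected": [
+{
+"package": {
+"ecosystem": "Go",
+"name": "github.com/casdoor/casdoor"
+},
+"ranges": [
+{
+"type": "ECOSYSTEM",
+"events": [
+{
+"introduced": "0"
+},
+{
+"fixed": "2.63.0"
+}
+]
+}
+]
+}
+],
 "references": [
 {
 "type": "ADVISORY",
@@ -27,6 +48,10 @@
 "type": "WEB",
 "url": "https://gist.github.com/DevHjz/e75cea851d48e5f5478ac2a90757851a"
 },
+{
+"type": "PACKAGE",
+"url": "https://github.com/casdoor/casdoor"
+},
 {
 "type": "WEB",
 "url": "https://github.com/casdoor/casdoor/releases/tag/v2.63.0"
@@ -41,8 +66,8 @@
 "CWE-285"
 ],
 "severity": "HIGH",
-"github_reviewed": false,
-"github_reviewed_at": null,
+"github_reviewed": true,
+"github_reviewed_at": "2025-10-14T20:12:38Z",
 "nvd_published_at": "2025-10-08T19:15:44Z"
 }
 }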
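Review bot: The `affected` entry added in the first hunk may not match how Go tooling versions this module, because it pairs the path `github.com/casdoor/casdoor` (no `/v2` suffix) with `"fixed": "2.63.0"`. The module's go.mod is not visible on this page, but if it declares that path, Go resolves post-v1 tags as pseudo-versions, so a scanner comparing module versions against `2.63.0` could keep flagging patched builds. It is worth confirming the range against the versions the Go proxy actually serves before relying on it for automated matching. Separately, `"introduced": "0"` marks every earlier release as affected; the details name no first vulnerable version, so this reads as a conservative default rather than a verified lower bound.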
