CVE-2025-14987

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-14987

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-14987.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-14987

Aliases

Downstream

SUSE-SU-2026:0142-1

Related

SUSE-SU-2026:0142-1

Published

2025-12-30T21:15:43.343Z

Modified

2026-04-10T05:21:40.582983Z

Severity

5.3 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVSS Calculator

Summary

[none]

Details

When system.enableCrossNamespaceCommands is enabled (on by default), the Temporal server permits certain workflow task commands (e.g. StartChildWorkflowExecution, SignalExternalWorkflowExecution, RequestCancelExternalWorkflowExecution) to target a different namespace than the namespace authorized at the gRPC boundary. The frontend authorizes RespondWorkflowTaskCompleted based on the outer request namespace, but the history service later resolves and executes the command using the namespace embedded in command attributes without authorizing the caller for that target namespace. This can allow a worker authorized for one namespace to create, signal, or cancel workflows in another namespace. This issue affects Temporal: through 1.29.1. Fixed in 1.27.4, 1.28.2, 1.29.2.

References

Affected packages

Git / github.com/temporalio/temporal

Affected ranges

Type

GIT

Repo

https://github.com/temporalio/temporal

Events

Introduced

Last affected

4c2403736409e6f38972df3be4de480026a5b6fa

Fixed

3162b75c656c0c38d43ff834c9ddc6fffc6abc73

Fixed

09d90574e0f0ca65c33e19dc32a32f63579fc229

Fixed

dfc3c9ad65407c0f81e99c2db2d33fa0a52e8633

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.29.1."
        }
    ]
}

Affected versions

Other

dummy-tag

norbert-109

norbert/wip

v.*

v.0.29.0

v0.*

v0.1.0-beta

v0.1.1-beta

v0.10.0

v0.2.0

v0.20.0

v0.21.0

v0.21.1

v0.23.0

v0.23.1

v0.25.0

v0.26.0

v0.27.0

v0.28.0

v0.3.0

v0.3.1

v0.3.11

v0.3.12

v0.3.13

v0.3.14

v0.3.15

v0.3.2

v0.3.3

v0.3.4

v0.3.5

v0.3.6

v0.3.7

v0.3.8

v0.3.9

v0.30.0

v0.31.0

v0.4.0

v0.5.3

v0.5.4

v0.5.5

v0.8.0

v0.8.1

v1.*

v1.0.0

v1.0.0-rc1

v1.1.0

v1.10.0

v1.11.0

v1.12.0

v1.13.0

v1.15.0

v1.16.0

v1.18.0

v1.20.0

v1.22.0-rc1

v1.23.0-rc0

v1.23.0-rc1

v1.23.0-rc2

v1.24.0-m1

v1.24.0-m2.1

v1.24.0-m2.2

v1.24.0-m3.0

v1.25.0-113.0

v1.25.0-114.0

v1.25.0-115.0

v1.25.0-116.0

v1.25.0-117.0

v1.25.0-118.0

v1.25.0-119.0

v1.25.0-rc.1

v1.26.0

v1.26.0-120

v1.26.1-121.0

v1.26.2-121.0

v1.26.2-122.0

v1.26.2-123.0

v1.26.2-124.0

v1.27.0

v1.27.0-126.0

v1.27.0-127.0

v1.27.0-rc.0

v1.27.1

v1.27.2

v1.27.3

v1.28.0

v1.28.0-129.0

v1.28.0-130.0

v1.28.0-131.0

v1.28.0-132.0

v1.28.0-134.2

v1.28.0-134.4

v1.28.0-rc.1

v1.28.1

v1.29.0

v1.29.0-135.0

v1.29.0-142.0

v1.29.0-142.1

v1.29.1

v1.4.0

v1.5.0

v1.6.0

v1.7.0

v1.8.0

v1.9.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-14987.json"