CVE-2025-23015
- Source
- https://cve.org/CVERecord?id=CVE-2025-23015
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-23015.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-23015
- Aliases
- Downstream
- Related
- Published
- 2025-02-04T10:15:09.097Z
- Modified
- 2026-02-13T02:48:56.518982Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. An user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via unsafe actions to a system resource. Operators granting data MODIFY permission on all keyspaces on affected versions should review data access rules for potential breaches.
This issue affects Apache Cassandra through 3.0.30, 3.11.17, 4.0.15, 4.1.7, 5.0.2.
Users are recommended to upgrade to versions 3.0.31, 3.11.18, 4.0.16, 4.1.8, 5.0.3, which fixes the issue.
- References
-
- https://lists.apache.org/thread/jmks4msbgkl65ssg69x728sv1m0hwz3s
- http://www.openwall.com/lists/oss-security/2025/02/03/2
- http://www.openwall.com/lists/oss-security/2025/02/11/1
- https://security.netapp.com/advisory/ntap-20250214-0006/
- https://lists.apache.org/thread/jmks4msbgkl65ssg69x728sv1m0hwz3s
- https://lists.apache.org/thread/jmks4msbgkl65ssg69x728sv1m0hwz3s
- http://www.openwall.com/lists/oss-security/2025/02/03/2
- http://www.openwall.com/lists/oss-security/2025/02/11/1
Affected packages
Git / github.com/apache/cassandra
Affected ranges
- Type
- GIT
- Repo
- https://github.com/apache/cassandra
- Events
-
IntroducedFixedIntroducedFixedIntroducedFixedIntroducedFixedIntroducedFixed
Affected versions
cassandra-2.*
cassandra-2.1.12
cassandra-2.1.13
cassandra-2.1.14
cassandra-2.1.15
cassandra-2.1.16
cassandra-2.1.17
cassandra-2.1.18
cassandra-2.1.19
cassandra-2.1.20
cassandra-2.1.21
cassandra-2.1.22
cassandra-2.2.10
cassandra-2.2.11
cassandra-2.2.12
cassandra-2.2.13
cassandra-2.2.14
cassandra-2.2.15
cassandra-2.2.16
cassandra-2.2.17
cassandra-2.2.18
cassandra-2.2.19
cassandra-2.2.4
cassandra-2.2.5
cassandra-2.2.6
cassandra-2.2.8
cassandra-2.2.9
cassandra-3.*
cassandra-3.0.0
cassandra-3.0.1
cassandra-3.0.10
cassandra-3.0.11
cassandra-3.0.12
cassandra-3.0.13
cassandra-3.0.14
cassandra-3.0.15
cassandra-3.0.16
cassandra-3.0.17
cassandra-3.0.18
cassandra-3.0.19
cassandra-3.0.20
cassandra-3.0.21
cassandra-3.0.22
cassandra-3.0.23
cassandra-3.0.24
cassandra-3.0.25
cassandra-3.0.26
cassandra-3.0.28
cassandra-3.0.29
cassandra-3.0.3
cassandra-3.0.30
cassandra-3.0.31
cassandra-3.0.4
cassandra-3.0.5
cassandra-3.0.6
cassandra-3.0.7
cassandra-3.0.9
cassandra-3.1
cassandra-3.10
cassandra-3.11.0
cassandra-3.11.1
cassandra-3.11.10
cassandra-3.11.11
cassandra-3.11.12
cassandra-3.11.14
cassandra-3.11.15
cassandra-3.11.16
cassandra-3.11.17
cassandra-3.11.18
cassandra-3.11.2
cassandra-3.11.3
cassandra-3.11.4
cassandra-3.11.5
cassandra-3.11.6
cassandra-3.11.7
cassandra-3.11.8
cassandra-3.11.9
cassandra-3.2
cassandra-3.3
cassandra-3.4
cassandra-3.5
cassandra-3.6
cassandra-3.7
cassandra-3.8
cassandra-3.9
cassandra-4.*
cassandra-4.0-alpha1
cassandra-4.0-alpha2
cassandra-4.0-alpha3
cassandra-4.0-alpha4
cassandra-4.0-beta1
cassandra-4.0-beta2
cassandra-4.0-beta3
cassandra-4.0-beta4
cassandra-4.0-rc1
cassandra-4.0-rc2
cassandra-4.0.1
cassandra-4.0.10
cassandra-4.0.11
cassandra-4.0.12
cassandra-4.0.13
cassandra-4.0.14
cassandra-4.0.15
cassandra-4.0.16
cassandra-4.0.2
cassandra-4.0.3
cassandra-4.0.5
cassandra-4.0.6
cassandra-4.0.7
cassandra-4.0.9
cassandra-4.1.7
cassandra-4.1.8
cassandra-5.*
cassandra-5.0.0
cassandra-5.0.1
cassandra-5.0.2