CVE-2025-57815
- Source
- https://cve.org/CVERecord?id=CVE-2025-57815
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-57815.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-57815
- Aliases
- Published
- 2025-09-08T21:11:53.369Z
- Modified
- 2026-04-10T05:31:12.741385Z
- Severity
-
- 1.7 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U CVSS Calculator
- Summary
- Fides Lacks Brute-Force Protections on Authentication Endpoints
- Details
-
Fides is an open-source privacy engineering platform. Prior to version 2.69.1, the Fides Admin UI login endpoint relies on a general IP-based rate limit for all API traffic and lacks specific anti-automation controls designed to protect against brute-force attacks. This could allow attackers to conduct credential testing attacks, such as credential stuffing or password spraying, which poses a risk to accounts with weak or previously compromised passwords. Version 2.69.1 fixes the issue. For organizations with commercial Fides Enterprise licenses, configuring Single Sign-On (SSO) through an OIDC provider (like Azure, Google, or Okta) is an effective workaround. When OIDC SSO is enabled, username/password authentication can be disabled entirely, which eliminates this attack vector. This functionality is not available for Fides Open Source users.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/57xxx/CVE-2025-57815.json", "cwe_ids": [ "CWE-307" ], "cna_assigner": "GitHub_M" }- References
-
- https://github.com/ethyca/fides/releases/tag/2.69.1
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/57xxx/CVE-2025-57815.json
- https://github.com/ethyca/fides/security/advisories/GHSA-7q62-r88r-j5gw
- https://nvd.nist.gov/vuln/detail/CVE-2025-57815
- https://github.com/ethyca/fides/commit/59903c195e2f9f8915a1db94950aefd557033a5c
Affected packages
Git / github.com/ethyca/fides
Affected ranges
- Type
- GIT
- Repo
- https://github.com/ethyca/fides
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
0.*
0.9.0
0.9.1
0.9.2
0.9.3
0.9.4
0.9.5
0.9.6
0.9.7
0.9.8
0.9.8.1
0.9.8.2
0.9.8.3
0.9.8.4
0.9.9
1.*
1.0.0
1.1.0
1.1.1
1.2.0
1.3.0
1.3.1
1.4.0
1.4.1
1.5.0
1.5.1
1.5.2
1.6.0
1.7.0
1.8.0
1.8.1
1.8.2
1.8.3
1.8.4
1.9.0
1.9.1
1.9.2
1.9.9
2.*
2.0.0
2.0.0-beta.1
2.0.0-beta.2
2.0.0-beta.3
2.10.1b0
2.10.1b1
2.10.1b2
2.10.1b3
2.11.1b0
2.11.1b1
2.11.1b2
2.11.1b3
2.11.1b4
2.11.1b5
2.11.1b6
2.12.1b0
2.12.1b1
2.12.1b2
2.12.1b3
2.12.1b4
2.12.2b0
2.12.2b1
2.12.2b2
2.13.1b0
2.13.1b1
2.13.1b2
2.14.1b0
2.14.1b1
2.14.1b2
2.14.2b0
2.14.3b0
2.15.1b0
2.15.1b1
2.15.2b0
2.16.1b0
2.16.1b1
2.17.1b0
2.18.1b0
2.18.1b1
2.18.1b2
2.18.1b3
2.18.1b4
2.18.1b5
2.18.1b6
2.18.1b7
2.19.1b0
2.19.2b0
2.19.2b1
2.19.2b2
2.20.1b0
2.20.1b1
2.20.1b2
2.20.1b3
2.20.1b4
2.20.2b0
2.20.3b0
2.20.3b1
2.20.3b2
2.21.0rc0
2.21.1b0
2.21.1b1
2.21.1b2
2.21.1b3
2.22.1b0
2.22.1b1
2.22.1b2
2.22.1b3
2.22.2b0
2.22.2b1
2.22.2b2
2.22.2b3
2.23.1b0
2.23.2b0
2.23.3b0
2.23.3b1
2.23.3b2
2.23.3b3
2.24.1b0
2.24.1b1
2.24.2b0
2.24.2b1
2.25.1b0
2.25.1b1
2.25.1b2
2.25.1b3
2.25.1b4
2.26.1b0
2.26.1b1
2.27.1b0
2.27.1b1
2.28.1b0
2.28.1b1
2.29.1b0
2.29.1b1
2.30.1b0
2.30.2b0
2.30.2b1
2.31.1b0
2.31.1b2
2.32.1b0
2.32.1b1
2.32.1b2
2.33.1b0
2.33.2b0
2.34.1b0
2.34.2b0
2.34.2b1
2.34.2b2
2.34.2b3
2.35.2b0
2.35.2b1
2.36.1b0
2.36.2b0
2.36.2b1
2.36.2b2
2.36.2b3
2.36.2b4
2.36.2b5
2.37.1b0
2.37.1b1
2.37.1b2
2.37.1b3
2.37.1b4
2.38.1b0
2.38.1b1
2.38.2b0
2.38.2b1
2.38.2b2
2.38.2b3
2.39.1b0
2.39.2b0
2.40.1b0
2.40.1b1
2.41.1b0
2.41.1b1
2.41.1b2
2.41.1b3
2.41.1b4
2.42.1b0
2.42.2b0
2.42.2b1
2.42.2b2
2.42.2b3
2.42.2b4
2.43.1b0
2.43.3b0
2.43.3b1
2.43.3b2
2.44.1b0
2.44.1b1
2.44.1b2
2.44.1b3
2.44.1b4
2.44.1b5
2.45.1b0
2.45.3b0
2.45.3b1
2.45.3b2
2.45.3b3
2.45.3b4
2.46.1b0
2.46.1b1
2.46.1b2
2.46.1b3
2.46.1b4
2.46.2b0
2.46.3b0
2.46.3b1
2.47.1b0
2.47.2b0
2.47.2b1
2.47.2b2
2.47.2b3
2.48.1b0
2.48.1b1
2.48.2b0
2.49.2a0
2.49.2b0
2.50.1b0
2.51.1b0
2.51.3b0
2.51.3b1
2.51.3b2
2.52.1b0
2.52.1b1
2.52.1b2
2.53.1b0
2.53.1b1
2.54.1b0
2.54.1b1
2.54.1b2
2.54.1b3
2.54.1b4
2.54.1b5
2.54.1b6
2.54.1b7
2.55.1b0
2.55.1b1
2.55.1b2
2.55.1b3
2.55.3b0
2.55.3b1
2.55.5b0
2.55.5b1
2.55.5b2
2.56.1b0
2.56.1b1
2.56.1b2
2.56.1b3
2.56.2b0
2.56.2b1
2.56.3b0
2.56.3b1
2.56.3b2
2.57.1b0
2.57.1b1
2.57.1b2
2.57.1b3
2.57.1b4
2.57.1b5
2.57.1b6
2.57.1b7
2.57.1b8
2.57.1b9
2.57.2b0
2.58.1b0
2.58.1b1
2.58.1b2
2.58.1b3
2.58.1b4
2.58.1b5
2.58.2b0
2.58.2b1
2.58.2b2
2.58.2b3
2.58.2b4
2.58.2b5
2.58.3b0
2.58.3b1
2.58.3b2
2.59.1b0
2.59.2b0
2.59.2b1
2.59.2b2
2.59.2b3
2.59.3b0
2.6.0
2.60.1b0
2.60.1b1
2.60.1b2
2.60.2b0
2.60.2b1
2.61.1b0
2.61.1b1
2.61.1b2
2.61.1b3
2.61.2b0
2.61.2b1
2.61.2b2
2.61.2b3
2.61.2b4
2.62.1b0
2.62.1b1
2.62.1b2
2.62.1b3
2.63.1b0
2.63.1b1
2.63.1b2
2.63.1b3
2.63.1b4
2.63.3b0
2.64.1b0
2.64.1b1
2.64.1b2
2.64.2b0
2.64.2b1
2.64.3b0
2.64.6b0
2.64.6b1
2.64.6b2
2.65.1b0
2.65.1b1
2.65.1b2
2.65.3b0
2.65.3b1
2.65.3b2
2.65.3b3
2.66.1b0
2.66.1b1
2.66.2b0
2.66.2b1
2.66.2b2
2.66.3b0
2.67.1b0
2.67.1b1
2.67.2b0
2.67.2b1
2.67.2b2
2.67.2b3
2.67.3b0
2.67.3b1
2.68.1b0
2.68.1b1
2.68.1b2
2.68.1b3
2.68.1b4
2.69.0rc0
2.69.0rc1
2.69.0rc10
2.69.0rc2
2.69.0rc3
2.69.0rc4
2.69.0rc5
2.69.0rc6
2.69.0rc7
2.69.0rc8
2.69.0rc9
2.69.1rc0
2.9.3a0
2.9.4