CVE-2025-57817
- Source
- https://cve.org/CVERecord?id=CVE-2025-57817
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-57817.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-57817
- Aliases
- Published
- 2025-09-08T21:17:09.105Z
- Modified
- 2026-04-10T05:31:12.745078Z
- Severity
-
- 8.6 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- Fides Webserver API is Vulnerable to OAuth Client Privilege Escalation
- Details
-
Fides is an open-source privacy engineering platform. Prior to version 2.69.1, the OAuth client creation and update endpoints of the Fides Webserver API do not properly authorize scope assignment. This allows highly privileged users with
client:createorclient:updatepermissions to escalate their privileges to owner-level. Version 2.69.1 fixes the issue. No known workarounds are available. - Database specific
{ "cna_assigner": "GitHub_M", "cwe_ids": [ "CWE-862" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/57xxx/CVE-2025-57817.json" }- References
-
- https://github.com/ethyca/fides/releases/tag/2.69.1
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/57xxx/CVE-2025-57817.json
- https://github.com/ethyca/fides/security/advisories/GHSA-hjfh-p8f5-24wr
- https://nvd.nist.gov/vuln/detail/CVE-2025-57817
- https://github.com/ethyca/fides/commit/2ffd125e1089a09b84c27fb5279a05960cbf2452
Affected packages
Git / github.com/ethyca/fides
Affected ranges
- Type
- GIT
- Repo
- https://github.com/ethyca/fides
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
0.*
0.9.0
0.9.1
0.9.2
0.9.3
0.9.4
0.9.5
0.9.6
0.9.7
0.9.8
0.9.8.1
0.9.8.2
0.9.8.3
0.9.8.4
0.9.9
1.*
1.0.0
1.1.0
1.1.1
1.2.0
1.3.0
1.3.1
1.4.0
1.4.1
1.5.0
1.5.1
1.5.2
1.6.0
1.7.0
1.8.0
1.8.1
1.8.2
1.8.3
1.8.4
1.9.0
1.9.1
1.9.2
1.9.9
2.*
2.0.0
2.0.0-beta.1
2.0.0-beta.2
2.0.0-beta.3
2.10.1b0
2.10.1b1
2.10.1b2
2.10.1b3
2.11.1b0
2.11.1b1
2.11.1b2
2.11.1b3
2.11.1b4
2.11.1b5
2.11.1b6
2.12.1b0
2.12.1b1
2.12.1b2
2.12.1b3
2.12.1b4
2.12.2b0
2.12.2b1
2.12.2b2
2.13.1b0
2.13.1b1
2.13.1b2
2.14.1b0
2.14.1b1
2.14.1b2
2.14.2b0
2.14.3b0
2.15.1b0
2.15.1b1
2.15.2b0
2.16.1b0
2.16.1b1
2.17.1b0
2.18.1b0
2.18.1b1
2.18.1b2
2.18.1b3
2.18.1b4
2.18.1b5
2.18.1b6
2.18.1b7
2.19.1b0
2.19.2b0
2.19.2b1
2.19.2b2
2.20.1b0
2.20.1b1
2.20.1b2
2.20.1b3
2.20.1b4
2.20.2b0
2.20.3b0
2.20.3b1
2.20.3b2
2.21.0rc0
2.21.1b0
2.21.1b1
2.21.1b2
2.21.1b3
2.22.1b0
2.22.1b1
2.22.1b2
2.22.1b3
2.22.2b0
2.22.2b1
2.22.2b2
2.22.2b3
2.23.1b0
2.23.2b0
2.23.3b0
2.23.3b1
2.23.3b2
2.23.3b3
2.24.1b0
2.24.1b1
2.24.2b0
2.24.2b1
2.25.1b0
2.25.1b1
2.25.1b2
2.25.1b3
2.25.1b4
2.26.1b0
2.26.1b1
2.27.1b0
2.27.1b1
2.28.1b0
2.28.1b1
2.29.1b0
2.29.1b1
2.30.1b0
2.30.2b0
2.30.2b1
2.31.1b0
2.31.1b2
2.32.1b0
2.32.1b1
2.32.1b2
2.33.1b0
2.33.2b0
2.34.1b0
2.34.2b0
2.34.2b1
2.34.2b2
2.34.2b3
2.35.2b0
2.35.2b1
2.36.1b0
2.36.2b0
2.36.2b1
2.36.2b2
2.36.2b3
2.36.2b4
2.36.2b5
2.37.1b0
2.37.1b1
2.37.1b2
2.37.1b3
2.37.1b4
2.38.1b0
2.38.1b1
2.38.2b0
2.38.2b1
2.38.2b2
2.38.2b3
2.39.1b0
2.39.2b0
2.40.1b0
2.40.1b1
2.41.1b0
2.41.1b1
2.41.1b2
2.41.1b3
2.41.1b4
2.42.1b0
2.42.2b0
2.42.2b1
2.42.2b2
2.42.2b3
2.42.2b4
2.43.1b0
2.43.3b0
2.43.3b1
2.43.3b2
2.44.1b0
2.44.1b1
2.44.1b2
2.44.1b3
2.44.1b4
2.44.1b5
2.45.1b0
2.45.3b0
2.45.3b1
2.45.3b2
2.45.3b3
2.45.3b4
2.46.1b0
2.46.1b1
2.46.1b2
2.46.1b3
2.46.1b4
2.46.2b0
2.46.3b0
2.46.3b1
2.47.1b0
2.47.2b0
2.47.2b1
2.47.2b2
2.47.2b3
2.48.1b0
2.48.1b1
2.48.2b0
2.49.2a0
2.49.2b0
2.50.1b0
2.51.1b0
2.51.3b0
2.51.3b1
2.51.3b2
2.52.1b0
2.52.1b1
2.52.1b2
2.53.1b0
2.53.1b1
2.54.1b0
2.54.1b1
2.54.1b2
2.54.1b3
2.54.1b4
2.54.1b5
2.54.1b6
2.54.1b7
2.55.1b0
2.55.1b1
2.55.1b2
2.55.1b3
2.55.3b0
2.55.3b1
2.55.5b0
2.55.5b1
2.55.5b2
2.56.1b0
2.56.1b1
2.56.1b2
2.56.1b3
2.56.2b0
2.56.2b1
2.56.3b0
2.56.3b1
2.56.3b2
2.57.1b0
2.57.1b1
2.57.1b2
2.57.1b3
2.57.1b4
2.57.1b5
2.57.1b6
2.57.1b7
2.57.1b8
2.57.1b9
2.57.2b0
2.58.1b0
2.58.1b1
2.58.1b2
2.58.1b3
2.58.1b4
2.58.1b5
2.58.2b0
2.58.2b1
2.58.2b2
2.58.2b3
2.58.2b4
2.58.2b5
2.58.3b0
2.58.3b1
2.58.3b2
2.59.1b0
2.59.2b0
2.59.2b1
2.59.2b2
2.59.2b3
2.59.3b0
2.6.0
2.60.1b0
2.60.1b1
2.60.1b2
2.60.2b0
2.60.2b1
2.61.1b0
2.61.1b1
2.61.1b2
2.61.1b3
2.61.2b0
2.61.2b1
2.61.2b2
2.61.2b3
2.61.2b4
2.62.1b0
2.62.1b1
2.62.1b2
2.62.1b3
2.63.1b0
2.63.1b1
2.63.1b2
2.63.1b3
2.63.1b4
2.63.3b0
2.64.1b0
2.64.1b1
2.64.1b2
2.64.2b0
2.64.2b1
2.64.3b0
2.64.6b0
2.64.6b1
2.64.6b2
2.65.1b0
2.65.1b1
2.65.1b2
2.65.3b0
2.65.3b1
2.65.3b2
2.65.3b3
2.66.1b0
2.66.1b1
2.66.2b0
2.66.2b1
2.66.2b2
2.66.3b0
2.67.1b0
2.67.1b1
2.67.2b0
2.67.2b1
2.67.2b2
2.67.2b3
2.67.3b0
2.67.3b1
2.68.1b0
2.68.1b1
2.68.1b2
2.68.1b3
2.68.1b4
2.69.0rc0
2.69.0rc1
2.69.0rc10
2.69.0rc2
2.69.0rc3
2.69.0rc4
2.69.0rc5
2.69.0rc6
2.69.0rc7
2.69.0rc8
2.69.0rc9
2.69.1rc0
2.9.3a0
2.9.4