CVE-2025-65111
- Source
- https://cve.org/CVERecord?id=CVE-2025-65111
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-65111.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-65111
- Aliases
- Downstream
- Related
- Published
- 2025-11-21T22:02:52.563Z
- Modified
- 2026-04-02T13:00:32.915547Z
- Severity
-
- 2.9 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P CVSS Calculator
- Summary
- SpiceDB's LookupResources with Multiple Entrypoints across Different Definitions Can Return Incomplete Results
- Details
-
SpiceDB is an open source database system for creating and managing security-critical application permissions. Prior to version 1.47.1, if a schema includes the following characteristics: permission defined in terms of a union (+) and that union references the same relation on both sides (but one side arrows to a different permission). Then SpiceDB may have missing LookupResources results when checking the permission. This only affects LookupResources; other APIs calculate permissionship correctly. The issue is fixed in version 1.47.1.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/65xxx/CVE-2025-65111.json", "cna_assigner": "GitHub_M", "cwe_ids": [ "CWE-277" ] }- References
Affected packages
Git / github.com/authzed/spicedb
Affected ranges
- Type
- GIT
- Repo
- https://github.com/authzed/spicedb
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
1.*
1.29.3
v0.*
v0.0.1
v0.0.2
v0.0.3
v1.*
v1.0.0
v1.1.0
v1.10.0
v1.11.0
v1.12.0
v1.13.0
v1.14.0
v1.14.1
v1.15.0
v1.16.0
v1.16.1
v1.16.2
v1.17.0
v1.18.0
v1.18.1
v1.19.0
v1.19.1
v1.2.0
v1.20.0
v1.21.0
v1.21.0-rc1
v1.22.0
v1.22.0-rc1
v1.22.0-rc2
v1.22.0-rc4
v1.22.0-rc5
v1.22.0-rc6
v1.22.0-rc7
v1.22.0-rc8
v1.22.1
v1.22.1-rc1
v1.22.2
v1.23.0
v1.23.0-rc1
v1.23.0-rc2
v1.23.0-rc3
v1.23.0-rc4
v1.23.1
v1.23.1-rc1
v1.24.0
v1.24.0-rc1
v1.24.0-rc2
v1.24.0-rc3
v1.25.0
v1.25.0-rc1
v1.25.0-rc2
v1.25.0-rc3
v1.25.0-rc4
v1.26.0
v1.26.0-rc1
v1.26.0-rc2
v1.27.0
v1.27.0-rc1
v1.27.1-rc1
v1.28.0
v1.28.0-rc1
v1.29.0
v1.29.1
v1.29.1-rc1
v1.29.2
v1.29.4
v1.29.5
v1.3.0
v1.30.0
v1.30.1
v1.31.0
v1.32.0
v1.33.0
v1.33.1
v1.34.0
v1.35.0
v1.35.1
v1.35.2
v1.35.3
v1.36.0
v1.36.1
v1.36.2
v1.36.3
v1.37.0
v1.37.1
v1.37.2
v1.38.0
v1.38.1
v1.39.0
v1.39.1
v1.4.0
v1.40.0
v1.40.1
v1.41.0
v1.42.0
v1.42.1
v1.43.0
v1.44.0
v1.44.2
v1.44.3
v1.44.4
v1.45.0
v1.45.1
v1.45.2
v1.45.3
v1.45.4
v1.46.0
v1.46.1
v1.46.2
v1.47.0
v1.5.0
v1.6.0
v1.7.0
v1.7.1
v1.8.0
v1.9.0