CVE-2025-26467 is a vulnerability in Apache Cassandra 4.0.16 where a user granted MODIFY permission on all keyspaces can exploit unsafe privilege definitions to escalate their privileges to superuser within the Cassandra cluster. This vulnerability stems from CWE-267, which involves privileges defined with unsafe actions that allow unauthorized users to perform actions beyond their intended scope. The issue is specifically present in version 4.0.16 because the patch for a related vulnerability (CVE-2025-23015) was incorrectly applied, leaving this version vulnerable. The vulnerability allows an attacker with limited privileges to gain full control over the Cassandra cluster, potentially leading to unauthorized data access, modification, or deletion. The vulnerability does not require user interaction and can be exploited remotely over the network (AV:N), with low attack complexity (AC:L), and requires privileges (PR:L) but no UI. The CVSS v3.1 base score is 8.8, indicating a high severity with impacts on confidentiality, integrity, and availability. The vulnerability affects only the 4.0.16 version in the 4.0 series; other versions in 3.0, 3.11, 4.1, and 5.0 series are affected by the related CVE-2025-23015 and should follow its mitigation guidance. Operators granting MODIFY permissions broadly should review their access controls carefully to prevent privilege escalation.

The vulnerability allows an attacker with MODIFY permissions on all keyspaces to escalate to superuser privileges, effectively gaining full administrative control over the Cassandra cluster. This can lead to unauthorized data access, data manipulation, deletion, or disruption of service, severely impacting confidentiality, integrity, and availability of critical data. Organizations relying on Apache Cassandra for large-scale data storage and processing could face data breaches, operational downtime, and loss of trust. The ease of exploitation (remote, no user interaction, low complexity) combined with the high impact on system control makes this a significant threat. Misconfigured permissions or overly broad MODIFY access increase risk. Since Apache Cassandra is widely used in financial services, telecommunications, e-commerce, and cloud services, the impact could be widespread and severe, especially in environments where Cassandra clusters hold sensitive or regulated data.

1. Immediately upgrade Apache Cassandra 4.0.16 instances to version 4.0.17, which contains the correct patch for this vulnerability. 2. For other affected versions (3.0, 3.11, 4.1, 5.0 series), follow the mitigation steps outlined in CVE-2025-23015 advisories. 3. Audit and restrict MODIFY permissions on all keyspaces; avoid granting broad MODIFY access unless absolutely necessary. 4. Implement the principle of least privilege rigorously, ensuring users have only the permissions required for their roles. 5. Monitor Cassandra audit logs for unusual privilege escalations or administrative actions. 6. Use network segmentation and access controls to limit who can connect to Cassandra clusters. 7. Regularly review and update access control policies and perform penetration testing focused on privilege escalation vectors. 8. Consider deploying additional security layers such as database activity monitoring and anomaly detection to identify exploitation attempts early.