CVE-2025-46544: CWE-863 Incorrect Authorization in Sherpa Orchestrator

Medium
Published: Fri Apr 25 2025 (04/25/2025, 00:00:00 UTC)
Source: CVE
Vendor/Project: Sherpa
Product: Orchestrator

Description

In Sherpa Orchestrator 141851, a low-privileged user can elevate their privileges by creating new users and roles.

AI-Powered Analysis

Last updated: 06/24/2025, 13:26:14 UTC

Technical Analysis

CVE-2025-46544 is a vulnerability classified under CWE-863 (Incorrect Authorization) affecting Sherpa Orchestrator version 141851. The flaw allows a low-privileged user within the system to escalate their privileges by creating new users and roles without proper authorization checks. Sherpa Orchestrator is an automation and orchestration platform used to manage workflows, system configurations, and potentially sensitive operational tasks. The vulnerability arises from insufficient enforcement of authorization controls on the user and role management functions: the platform verifies that the caller is a valid user but not that the caller is entitled to create accounts or roles, or to grant privileges beyond its own. An attacker who already holds some limited level of access can therefore use this weakness to obtain administrative or elevated privileges, compromising the integrity and confidentiality of the system. The vulnerability does not require user interaction beyond the initial access, and no known exploits are currently reported in the wild. The flaw nevertheless poses a significant risk because it undermines the platform's fundamental access control mechanism, potentially allowing attackers to manipulate system configurations, access sensitive data, or disrupt operations.

Potential Impact

For European organizations using Sherpa Orchestrator 141851, this vulnerability could lead to severe operational and security consequences. Unauthorized privilege escalation can result in attackers gaining administrative control, enabling them to create or modify user accounts and roles, potentially leading to unauthorized access to sensitive data and critical systems. This could compromise the confidentiality and integrity of organizational data, disrupt automated workflows, and impact availability if malicious changes are made to orchestration processes. Organizations in sectors such as finance, manufacturing, telecommunications, and critical infrastructure that rely on Sherpa Orchestrator for automation could face operational downtime, data breaches, and regulatory non-compliance. The risk is heightened in environments where Sherpa Orchestrator is integrated with other critical IT or OT systems, as attackers could pivot from the orchestrator to other parts of the network. Given the medium severity rating and the lack of known exploits, the threat is currently moderate but could escalate if exploit code becomes publicly available.

Mitigation Recommendations

To mitigate this vulnerability, organizations should first verify if they are running Sherpa Orchestrator version 141851 and prioritize upgrading to a patched version once available from Sherpa. In the absence of an official patch, organizations should implement strict network segmentation to limit access to the Orchestrator interface only to trusted administrators and systems. Employing multi-factor authentication (MFA) for all users accessing the Orchestrator can reduce the risk of unauthorized access. Additionally, organizations should audit existing user roles and permissions to ensure the principle of least privilege is enforced, removing any unnecessary user creation or role modification rights from low-privileged accounts. Monitoring and logging all user and role management activities within the Orchestrator can help detect suspicious privilege escalation attempts early. If possible, temporarily disable or restrict user and role creation functionalities for non-administrative users until a patch is applied. Finally, organizations should conduct regular security assessments and penetration tests focusing on access control mechanisms within the Orchestrator environment.
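The authorization pattern described in the analysis above, and the least-privilege check the mitigations call for, as an added illustration that is not Sherpa's code: the data model, permission names and function names are constructed assumptions. The flawed service only checks that the caller is authenticated; the hardened one requires the specific management permission and refuses to grant any permission the caller does not already hold.

```python
# Constructed example of the CWE-863 pattern: authentication is checked,
# authorization is not. Names and permissions are assumptions, not Sherpa's API.
from dataclasses import dataclass, field

@dataclass
class Role:
    name: str
    perms: frozenset  # e.g. {"workflow.run", "user.manage", "role.manage"}

@dataclass
class User:
    name: str
    roles: list = field(default_factory=list)

    def perms(self) -> frozenset:
        return frozenset().union(*(r.perms for r in self.roles))

ADMIN = Role("admin", frozenset({"workflow.run", "user.manage", "role.manage"}))
OPERATOR = Role("operator", frozenset({"workflow.run"}))

def create_user_vulnerable(caller: User, new_name: str, roles: list) -> User:
    # Only "is the caller logged in?" is checked, so an operator can create an
    # account that holds the admin role: incorrect authorization (CWE-863).
    if caller is None:
        raise PermissionError("not authenticated")
    return User(new_name, list(roles))

def _authorize(caller: User, required: str, granted: frozenset) -> None:
    # 1) The caller must hold the permission specific to this management action.
    if required not in caller.perms():
        raise PermissionError(f"{required} required")
    # 2) No escalation: nothing may be granted that the caller does not hold.
    if not granted <= caller.perms():
        raise PermissionError("cannot grant permissions you do not hold")

def create_user_hardened(caller: User, new_name: str, roles: list) -> User:
    _authorize(caller, "user.manage", frozenset().union(*(r.perms for r in roles)))
    return User(new_name, list(roles))

def create_role_hardened(caller: User, name: str, perms) -> Role:
    _authorize(caller, "role.manage", frozenset(perms))
    return Role(name, frozenset(perms))

def denied(fn, *args) -> bool:
    # Helper for audits and tests: True when the action is refused.
    try:
        fn(*args)
    except PermissionError:
        return True
    return False
```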

Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2025-04-24T00:00:00.000Z
CISA Enriched: true

Threat ID: 682d983ec4522896dcbf02dd

Added to database: 5/21/2025, 9:09:18 AM

Last enriched: 6/24/2025, 1:26:14 PM

Last updated: 8/11/2025, 1:28:21 PM
