CVE-2025-46544: CWE-863 Incorrect Authorization in Sherpa Orchestrator
In Sherpa Orchestrator 141851, a low-privileged user can elevate their privileges by creating new users and roles.
AI Analysis
Technical Summary
CVE-2025-46544 is a vulnerability classified under CWE-863 (Incorrect Authorization) affecting Sherpa Orchestrator version 141851. The flaw allows a low-privileged user within the system to escalate their privileges by creating new users and roles without proper authorization checks. Sherpa Orchestrator is an automation and orchestration platform used to manage workflows, system configurations, and potentially sensitive operational tasks. The vulnerability arises from insufficient enforcement of authorization controls on user and role management functions, enabling unauthorized privilege escalation. In practice, an attacker who already has some limited level of access can exploit this weakness to gain administrative or elevated privileges, compromising the integrity and confidentiality of the system. The vulnerability does not require user interaction beyond the initial access, and no known exploits are currently reported in the wild. Even so, the flaw poses a significant risk because it undermines the platform's fundamental access control mechanisms, potentially allowing attackers to manipulate system configurations, access sensitive data, or disrupt operations.
Potential Impact
For European organizations using Sherpa Orchestrator 141851, this vulnerability could lead to severe operational and security consequences. Unauthorized privilege escalation can result in attackers gaining administrative control, enabling them to create or modify user accounts and roles, potentially leading to unauthorized access to sensitive data and critical systems. This could compromise the confidentiality and integrity of organizational data, disrupt automated workflows, and impact availability if malicious changes are made to orchestration processes. Organizations in sectors such as finance, manufacturing, telecommunications, and critical infrastructure that rely on Sherpa Orchestrator for automation could face operational downtime, data breaches, and regulatory non-compliance. The risk is heightened in environments where Sherpa Orchestrator is integrated with other critical IT or OT systems, as attackers could pivot from the orchestrator to other parts of the network. Given the medium severity rating and the lack of known exploits, the threat is currently moderate but could escalate if exploit code becomes publicly available.
Mitigation Recommendations
To mitigate this vulnerability, organizations should first verify whether they are running Sherpa Orchestrator version 141851 and prioritize upgrading to a patched version once one is available from Sherpa. In the absence of an official patch, organizations should implement strict network segmentation so that the Orchestrator interface is reachable only from trusted administrators and systems. Requiring multi-factor authentication (MFA) for all users accessing the Orchestrator reduces the risk of unauthorized access. Organizations should also audit existing user roles and permissions to ensure the principle of least privilege is enforced, removing any unnecessary user creation or role modification rights from low-privileged accounts. Monitoring and logging all user and role management activities within the Orchestrator helps detect suspicious privilege escalation attempts early. Where possible, temporarily disable or restrict user and role creation for non-administrative users until a patch is applied. Finally, organizations should conduct regular security assessments and penetration tests focused on the access control mechanisms of the Orchestrator environment.
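The following is an added illustration, not code from Sherpa Orchestrator or from this advisory, of the CWE-863 pattern the summary describes and of the two mitigations above that can be expressed in code: an explicit authorization check on user and role management (with a no-escalation rule so a caller cannot grant rights they do not hold), and a detection pass over management audit events. The permission names, the in-memory user/role store and the sample accounts are all constructed for the example; the page says nothing about the real product's permission model.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Set

# Hypothetical permission names for this example; the page does not describe
# Sherpa Orchestrator's real permission model.
MANAGE_USERS = "manage_users"
MANAGE_ROLES = "manage_roles"


@dataclass
class Role:
    name: str
    permissions: Set[str]


@dataclass
class User:
    username: str
    roles: Set[str]


@dataclass
class Directory:
    """In-memory stand-in for an orchestrator's user/role store (constructed for this example)."""
    roles: Dict[str, Role] = field(default_factory=dict)
    users: Dict[str, User] = field(default_factory=dict)
    audit: List[dict] = field(default_factory=list)

    def effective_permissions(self, username: str) -> Set[str]:
        """Union of the permissions of every role the user holds."""
        perms: Set[str] = set()
        for role_name in self.users[username].roles:
            perms |= self.roles[role_name].permissions
        return perms

    def _log(self, actor: str, action: str, target: str) -> None:
        self.audit.append({"actor": actor, "action": action, "target": target})

    # Vulnerable pattern (CWE-863): the handler confirms the caller is a known,
    # authenticated user but never checks whether the caller may manage roles,
    # so any low-privileged account can create a role carrying any permission.
    def create_role_vulnerable(self, caller: str, name: str, permissions: Set[str]) -> Role:
        if caller not in self.users:
            raise PermissionError("unauthenticated")
        role = Role(name, set(permissions))
        self.roles[name] = role
        self._log(caller, "role.create", name)
        return role

    def _authorize(self, caller: str, action: str, required: str, granted: Set[str], target: str) -> None:
        """Deny unless the caller holds `required` and every permission it is about to grant."""
        have = self.effective_permissions(caller)
        # Two checks: an explicit permission for the operation, and a no-escalation
        # rule so a caller cannot hand out rights it does not itself hold.
        if required not in have or not granted <= have:
            self._log(caller, f"{action}.denied", target)
            raise PermissionError(f"{caller} may not perform {action} on {target}")

    # Hardened pattern: authorization is checked before any state changes.
    def create_role(self, caller: str, name: str, permissions: Set[str]) -> Role:
        self._authorize(caller, "role.create", MANAGE_ROLES, set(permissions), name)
        role = Role(name, set(permissions))
        self.roles[name] = role
        self._log(caller, "role.create", name)
        return role

    def create_user(self, caller: str, username: str, roles: Set[str]) -> User:
        granted = set().union(*(self.roles[r].permissions for r in roles))
        self._authorize(caller, "user.create", MANAGE_USERS, granted, username)
        user = User(username, set(roles))
        self.users[username] = user
        self._log(caller, "user.create", username)
        return user


REQUIRED_FOR = {"role": MANAGE_ROLES, "user": MANAGE_USERS}


def suspicious_events(directory: Directory) -> List[dict]:
    """Flag management events whose actor lacks the permission the operation needs.
    A successful event of this kind means an authorization check was bypassed;
    a denied one is an attempt worth reviewing."""
    flagged = []
    for event in directory.audit:
        required = REQUIRED_FOR[event["action"].split(".")[0]]
        actor = event["actor"]
        perms = directory.effective_permissions(actor) if actor in directory.users else set()
        if required not in perms:
            flagged.append(event)
    return flagged


def build_sample_directory() -> Directory:
    """Constructed sample data: one administrator and one operator limited to running workflows."""
    d = Directory()
    d.roles["admin"] = Role("admin", {MANAGE_USERS, MANAGE_ROLES, "run_workflow"})
    d.roles["operator"] = Role("operator", {"run_workflow"})
    d.users["alice"] = User("alice", {"admin"})
    d.users["bob"] = User("bob", {"operator"})
    return d


if __name__ == "__main__":
    d = build_sample_directory()
    d.create_role_vulnerable("bob", "superops", {MANAGE_USERS, MANAGE_ROLES})  # succeeds: the flaw
    try:
        d.create_role("bob", "superops2", {"run_workflow"})  # hardened path refuses
    except PermissionError as exc:
        print("hardened path:", exc)
    d.create_user("alice", "carol", {"operator"})  # legitimate administrative action
    for event in suspicious_events(d):
        print("review:", event)
```

The no-escalation rule in `_authorize` is the part most often missing even when a role check exists: without it, an account that may create roles can still create one more powerful than itself. The detector works on the store's own audit trail, so the same logic can be pointed at exported management logs to spot role or user creation by accounts that should not have that right.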
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2025-04-24T00:00:00.000Z
- CISA Enriched: true
Threat ID: 682d983ec4522896dcbf02dd
Added to database: 5/21/2025, 9:09:18 AM
Last enriched: 6/24/2025, 1:26:14 PM
Last updated: 8/11/2025, 1:28:21 PM
Related Threats
- CVE-2025-3495: CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Delta Electronics COMMGR (Critical)
- CVE-2025-53948: CWE-415 Double Free in Santesoft Sante PACS Server (High)
- CVE-2025-52584: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt (High)
- CVE-2025-46269: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt (High)
- CVE-2025-54862: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Santesoft Sante PACS Server (Medium)