CVE-2025-48371: CWE-285: Improper Authorization in openfga openfga
OpenFGA is an authorization/permission engine. OpenFGA versions 1.8.0 through 1.8.12 (corresponding to Helm chart openfga-0.2.16 through openfga-0.2.30 and docker 1.8.0 through 1.8.12) are vulnerable to authorization bypass when certain Check and ListObjects calls are executed. Users are affected under four specific conditions: first, the Check or ListObjects API is called with an authorization model that has a relationship directly assignable by both type-bound public access and a userset; second, the Check or ListObjects query carries contextual tuples for that relationship; third, the user field of those contextual tuples is a userset; and finally, no type-bound public access tuples are assigned to the relationship. Users should upgrade to version 1.8.13 to receive a patch. The upgrade is backwards compatible.
AI Analysis
Technical Summary
CVE-2025-48371 is a medium-severity vulnerability affecting OpenFGA, an authorization and permission engine widely used to manage fine-grained access control. The vulnerability exists in OpenFGA versions 1.8.0 through 1.8.12 (including Helm charts openfga-0.2.16 through openfga-0.2.30 and corresponding Docker images). It is classified as CWE-285: Improper Authorization. The flaw allows an authorization bypass under specific conditions involving the Check and ListObjects API calls. Specifically, when an authorization model includes a relationship that can be assigned both by type-bound public access and userset, and when queries include contextual tuples where the user field is itself a userset, but type-bound public access tuples are not assigned, the system may incorrectly authorize access. This means that unauthorized users could potentially gain access to resources or data they should not have permissions for. The vulnerability requires low attack complexity and low privileges (partial privileges) but no user interaction, and it affects confidentiality, integrity, and availability with a high scope impact due to the potential bypass of authorization controls. The vendor has released version 1.8.13 which patches this issue and is backward compatible. No known exploits are currently reported in the wild.
Potential Impact
For European organizations, this vulnerability poses a significant risk, especially for those relying on OpenFGA for access control in cloud-native environments, microservices architectures, or SaaS platforms. Unauthorized access due to this flaw could lead to data leakage, unauthorized data modification, or disruption of services, impacting confidentiality, integrity, and availability of critical systems. Sectors such as finance, healthcare, government, and critical infrastructure, which often implement strict access controls, could face compliance violations (e.g., GDPR) and reputational damage if unauthorized access occurs. The medium CVSS score reflects the moderate ease of exploitation combined with the potentially broad impact on access control enforcement. Since OpenFGA is used to enforce fine-grained permissions, exploitation could allow attackers or malicious insiders to escalate privileges or access sensitive data without detection.
Mitigation Recommendations
European organizations should immediately assess their use of OpenFGA and identify deployments running vulnerable versions (1.8.0 through 1.8.12). The primary mitigation is to upgrade to OpenFGA version 1.8.13 or later, which contains the patch for this authorization bypass. Since the upgrade is backward compatible, it should be feasible to deploy without major disruptions. Additionally, organizations should audit their authorization models to identify any relationships that combine type-bound public access and userset assignments, especially those involving contextual tuples with userset user fields. Tightening or redesigning these models to avoid ambiguous or overlapping assignments can reduce risk. Implementing additional monitoring and anomaly detection on authorization API calls (Check and ListObjects) may help detect suspicious access patterns. Finally, organizations should review their incident response plans to prepare for potential exploitation scenarios involving authorization bypass.
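The model audit recommended above can be scripted against an exported OpenFGA authorization model. The following is an added example, not OpenFGA project code: it flags relations whose `directly_related_user_types` mix a type-bound public access entry (`type:*`, serialized as a `wildcard` reference) with a userset entry (`type#relation`), flags Check/ListObjects request bodies whose contextual tuples target such a relation with a userset in the user field, and checks whether a server version string falls in the affected range. The model and request below are constructed samples; the JSON field names follow the OpenFGA authorization-model format, and whether a public access tuple is already stored (the fourth condition) must be checked against the live store separately.

```python
"""Audit helper for CVE-2025-48371 (added example; not OpenFGA project code)."""
import re

# Constructed sample model in OpenFGA's JSON authorization-model format.
SAMPLE_MODEL = {
    "schema_version": "1.1",
    "type_definitions": [
        {"type": "user"},
        {"type": "group", "relations": {"member": {"this": {}}},
         "metadata": {"relations": {"member": {
             "directly_related_user_types": [{"type": "user"}]}}}},
        {"type": "doc", "relations": {"viewer": {"this": {}}},
         "metadata": {"relations": {"viewer": {
             "directly_related_user_types": [
                 {"type": "user"},
                 {"type": "user", "wildcard": {}},        # user:*  (type-bound public access)
                 {"type": "group", "relation": "member"},  # group#member (userset)
             ]}}}},
    ],
}

SAMPLE_REQUEST = {  # constructed Check request body
    "user": "user:anne", "relation": "viewer", "object": "doc:1",
    "contextual_tuples": {"tuple_keys": [
        {"user": "group:eng#member", "relation": "viewer", "object": "doc:1"}]},
}

def risky_relations(model):
    """Return {(object_type, relation)} directly assignable by BOTH a wildcard and a userset."""
    out = set()
    for td in model.get("type_definitions", []):
        for rel, meta in td.get("metadata", {}).get("relations", {}).items():
            refs = meta.get("directly_related_user_types", [])
            if any("wildcard" in r for r in refs) and any(r.get("relation") for r in refs):
                out.add((td["type"], rel))
    return out

USERSET_RE = re.compile(r"^[^:#]+:[^#]+#[^#]+$")  # matches e.g. group:eng#member

def flag_contextual_tuples(model, request):
    """Contextual tuples that hit a risky relation with a userset in the user field."""
    risky = risky_relations(model)
    return [t for t in request.get("contextual_tuples", {}).get("tuple_keys", [])
            if (t["object"].split(":", 1)[0], t["relation"]) in risky
            and USERSET_RE.match(t["user"])]

def is_affected_version(v):
    """True for OpenFGA 1.8.0 through 1.8.12, the range named in the advisory."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", v.strip())
    return bool(m) and (1, 8, 0) <= tuple(map(int, m.groups())) <= (1, 8, 12)
```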
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Denmark
Technical Details
- Data Version: 5.1
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-05-19T15:46:00.395Z
- Cisa Enriched: false
- Cvss Version: 4.0
- State: PUBLISHED
Threat ID: 682fa72d0acd01a24927040e
Added to database: 5/22/2025, 10:37:33 PM
Last enriched: 7/8/2025, 4:41:04 AM
Last updated: 8/2/2025, 6:28:40 PM