CVE-2025-23015

Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. An user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via unsafe actions to a system resource. Operators granting data MODIFY permission on all keyspaces on affected versions should review data access rules for potential breaches. This issue affects Apache Cassandra through 3.0.30, 3.11.17, 4.0.15, 4.1.7, 5.0.2. Users are recommended to upgrade to versions 3.0.31, 3.11.18, 4.0.16, 4.1.8, 5.0.3, which fixes the issue.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://lists.apache.org/thread/jmks4msbgkl65ssg69x728sv1m0hwz3s	Mailing List Vendor Advisory Issue Tracking
http://www.openwall.com/lists/oss-security/2025/02/03/2	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2025/02/11/1	Mailing List Third Party Advisory
https://security.netapp.com/advisory/ntap-20250214-0006/	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:apache:cassandra::::::::
	cpe:2.3:a:apache:cassandra::::::::
	cpe:2.3:a:apache:cassandra::::::::
	cpe:2.3:a:apache:cassandra::::::::
	cpe:2.3:a:apache:cassandra::::::::

History

No history.

Information

Published : 2025-02-04 10:15

Updated : 2025-07-14 12:44

NVD link : CVE-2025-23015

Mitre link : CVE-2025-23015

CVE.ORG link : CVE-2025-23015

JSON object : View

Products Affected

apache

cassandra

CWE

CWE-267

Privilege Defined With Unsafe Actions

{"id": "CVE-2025-23015", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2025-02-04T10:15:09.097", "references": [{"url": "https://lists.apache.org/thread/jmks4msbgkl65ssg69x728sv1m0hwz3s", "tags": ["Mailing List", "Vendor Advisory", "Issue Tracking"], "source": "[email protected]"}, {"url": "http://www.openwall.com/lists/oss-security/2025/02/03/2", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.openwall.com/lists/oss-security/2025/02/11/1", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.netapp.com/advisory/ntap-20250214-0006/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-267"}]}], "descriptions": [{"lang": "en", "value": "Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. An user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via unsafe actions to a system resource. Operators granting data MODIFY permission on all keyspaces on affected versions should review data access rules for potential breaches.\n\nThis issue affects Apache Cassandra through 3.0.30, 3.11.17, 4.0.15, 4.1.7, 5.0.2.\n\nUsers are recommended to upgrade to versions 3.0.31, 3.11.18, 4.0.16, 4.1.8, 5.0.3, which fixes the issue."}, {"lang": "es", "value": "Vulnerabilidad de privilegios definidos con acciones no seguras en Apache Cassandra. Un usuario con permiso MODIFY ON ALL KEYSPACES puede escalar privilegios a superusuario dentro de un cl\u00faster de Cassandra de destino mediante acciones no seguras a un recurso del sistema. Los operadores que otorgan permiso MODIFY a los datos en todos los espacios de claves en las versiones afectadas deben revisar las reglas de acceso a los datos para detectar posibles infracciones. Este problema afecta a Apache Cassandra hasta las versiones 3.0.30, 3.11.17, 4.0.15, 4.1.7, 5.0.2. Se recomienda a los usuarios que actualicen a las versiones 3.0.31, 3.11.18, 4.0.16, 4.1.8, 5.0.3, que solucionan el problema."}], "lastModified": "2025-07-14T12:44:57.403", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:cassandra:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7EBD1031-1C25-4CAC-B773-6947C69DB7FB", "versionEndExcluding": "3.0.31", "versionStartIncluding": "3.0.0"}, {"criteria": "cpe:2.3:a:apache:cassandra:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "943AAE20-EEC3-4D9B-9589-6F873C26AE0D", "versionEndExcluding": "3.11.18", "versionStartIncluding": "3.1"}, {"criteria": "cpe:2.3:a:apache:cassandra:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "282DA169-6FCB-4381-9B68-CAA2D415E64D", "versionEndExcluding": "4.0.16", "versionStartIncluding": "4.0.0"}, {"criteria": "cpe:2.3:a:apache:cassandra:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B436C4E3-A38B-42E4-AFF4-C057BE7E156C", "versionEndExcluding": "4.1.8", "versionStartIncluding": "4.1.0"}, {"criteria": "cpe:2.3:a:apache:cassandra:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7BFBF10F-8408-495D-99E6-AE122CDD87CC", "versionEndExcluding": "5.0.3", "versionStartIncluding": "5.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}