ГлавнаяУязвимости → CVE-2025-64751
8.8высокая

CVE-2025-64751

Описание

OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA v1.4.0 to v1.11.0 ( openfga-0.1.34 <= Helm chart <= openfga-0.2.48, v.1.4.0 <= docker <= v.1.11.0) are vulnerable to improper policy enforcement when certain Check and ListObject calls are executed. This issue has been patched in version 1.11.1.

Затрагиваемое ПО
Openfga Helm chartsOpenfga Openfga
CVSS
Балл8.8 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Источники
https://github.com/openfga/openfga/releases/tag/v1.11.1https://github.com/openfga/openfga/security/advisories/GHSA-2c64-vmv2-hgfc