CNNVD-202507-2912 Information

CNNVD ID

CNNVD-202507-2912

CVE-2025-51479

  • CNNVD Published: 2025-07-22

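Description (translated from Chinese)

Onyx is an open-source AI large-model platform from Onyx. Onyx version 0.27.0 contains a security vulnerability that stems from an authorization bypass in update_user_group, which may allow modification of arbitrary user groups.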

Description (English)

Onyx is an open-source AI large-model platform from Onyx. Onyx 0.27.0 has a security vulnerability caused by an authorization bypass in update_user_group, which may lead to modification of any user group.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Onyx

Published

2025-07-22

Last Modified

2026-02-24

References

  • https://github.com/onyx-dot-app/onyx
  • https://www.gecko.security/blog/cve-2025-51479
  • https://github.com/onyx-dot-app/onyx/pull/4714
  • https://access.redhat.com/security/cve/cve-2025-51479
  • https://nvd.nist.gov/vuln/detail/CVE-2025-51479

Patch

https://github.com/onyx-dot-app/onyx/releases
