CNNVD-202508-2021 Information
CNNVD ID
CNNVD-202508-2021
Related CVE
- CNNVD Published: 2025-08-18
Description (Chinese)
OpenFGA是OpenFGA开源的一款为开发人员构建并受 Google Zanzibar 启发的高性能和灵活的授权/许可引擎。 OpenFGA v1.9.3至v1.9.4版本存在安全漏洞,该漏洞源于策略执行不当,可能导致授权绕过。
Description (English)
OpenFGA is an OpenFGA open source for high-performance and flexible enabling/licensing engines built by developers and inspired by Google Zanzibar. Releases OpenFGA v1.9.3 to v1.9.4 contain a security loophole, which stems from inappropriate implementation of the strategy and may lead to a circumvention of the authorization.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
OpenFGA
Published
2025-08-18
Last Modified
2026-02-24
References
https://github.com/openfga/openfga/security/advisories/GHSA-mgh9-4mwp-fg55 https://github.com/openfga/openfga/commit/1a7e0e37fc4777c824b2386cac4867a66f3480b0 https://access.redhat.com/security/cve/cve-2025-55213 https://nvd.nist.gov/vuln/detail/CVE-2025-55213
Patch
https://github.com/openfga/openfga/releases
Share on: