CNNVD-202511-2538 Information

CNNVD ID

CNNVD-202511-2538

CVE-2025-64751

  • CNNVD Published: 2025-11-21

Description

OpenFGA is an open-source, high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA v1.4.0 through v1.11.0 contain an authorization vulnerability that stems from improper policy enforcement and may lead to a permission bypass.

Hazard Level

High

Vulnerability Type

Authorization issue

Affected Vendor

OpenFGA

Published

2025-11-21

Last Modified

2026-02-24

References

https://github.com/openfga/openfga/releases/tag/v1.11.1
https://github.com/openfga/openfga/security/advisories/GHSA-2c64-vmv2-hgfc
https://access.redhat.com/security/cve/cve-2025-64751

Patch

https://github.com/openfga/openfga/releases
