CVE-2025-23015

{"id": "CVE-2025-23015", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2025-02-04T10:15:09.097", "references": [{"url": "https://lists.apache.org/thread/jmks4msbgkl65ssg69x728sv1m0hwz3s", "source": "security@apache.org"}, {"url": "http://www.openwall.com/lists/oss-security/2025/02/03/2", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.openwall.com/lists/oss-security/2025/02/11/1", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.netapp.com/advisory/ntap-20250214-0006/", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "security@apache.org", "description": [{"lang": "en", "value": "CWE-267"}]}], "descriptions": [{"lang": "en", "value": "Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. An user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via unsafe actions to a system resource. Operators granting data MODIFY permission on all keyspaces on affected versions should review data access rules for potential breaches.\n\nThis issue affects Apache Cassandra through 3.0.30, 3.11.17, 4.0.15, 4.1.7, 5.0.2.\n\nUsers are recommended to upgrade to versions 3.0.31, 3.11.18, 4.0.16, 4.1.8, 5.0.3, which fixes the issue."}, {"lang": "es", "value": "Vulnerabilidad de privilegios definidos con acciones no seguras en Apache Cassandra. Un usuario con permiso MODIFY ON ALL KEYSPACES puede escalar privilegios a superusuario dentro de un cl\u00faster de Cassandra de destino mediante acciones no seguras a un recurso del sistema. Los operadores que otorgan permiso MODIFY a los datos en todos los espacios de claves en las versiones afectadas deben revisar las reglas de acceso a los datos para detectar posibles infracciones. Este problema afecta a Apache Cassandra hasta las versiones 3.0.30, 3.11.17, 4.0.15, 4.1.7, 5.0.2. Se recomienda a los usuarios que actualicen a las versiones 3.0.31, 3.11.18, 4.0.16, 4.1.8, 5.0.3, que solucionan el problema."}], "lastModified": "2025-02-15T01:15:10.833", "sourceIdentifier": "security@apache.org"}