Security Advisories

CGA-6pc5-c62v-r45p

https://images.chainguard.dev/security/CGA-6pc5-c62v-r45p
Package

grafana-11.3

Repository

Wolfi
Latest Update
Under investigation
Aliases
  • CVE-2025-25196
  • GHSA-g4v5-6f5p-m38j

Severity

Unknown

Summary

OpenFGA Authorization Bypass

Description

Overview

OpenFGA v1.8.4 or earlier (Helm chart < openfga-0.2.22, docker < v.1.8.5) is vulnerable to an authorization bypass when certain Check and ListObjects calls are executed.

Am I Affected?

If you are using OpenFGA v1.8.4 or earlier and all of the following conditions hold, you are affected by this authorization bypass vulnerability:

  • Calling the Check or ListObjects API with a model that has a relation directly assignable to both public access and a userset of the same type, and
  • A type-bound public access tuple is assigned to an object, and
  • No userset tuple is assigned to the same object, and
  • The Check request's user field is a userset whose type is the same as the user type of the type-bound public access tuple

Fix

Upgrade to v1.8.5. This upgrade is backwards compatible.
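The first three conditions above can be checked against data an operator already holds: the authorization model and the stored relationship tuples. The script below is an added example, not code from Chainguard or the OpenFGA project; it assumes the JSON layout OpenFGA uses for authorization models (`type_definitions[].metadata.relations[].directly_related_user_types`, where a `wildcard` entry denotes type-bound public access and a `relation` entry denotes a userset) and a plain `user`/`relation`/`object` tuple layout. The sample model and tuples are constructed for illustration. The fourth condition concerns the user field of an individual Check request and cannot be judged from stored data alone, so it is not covered here.

```python
import json

# Constructed sample model (not from the advisory). The "viewer" relation on
# "document" is directly assignable to both "team:*" (type-bound public access)
# and "team#member" (a userset of the same type), which is condition 1.
SAMPLE_MODEL = json.dumps({
    "schema_version": "1.1",
    "type_definitions": [
        {"type": "user"},
        {"type": "team",
         "relations": {"member": {"this": {}}},
         "metadata": {"relations": {"member": {
             "directly_related_user_types": [{"type": "user"}]}}}},
        {"type": "document",
         "relations": {"viewer": {"this": {}}},
         "metadata": {"relations": {"viewer": {
             "directly_related_user_types": [
                 {"type": "user"},
                 {"type": "team", "wildcard": {}},
                 {"type": "team", "relation": "member"},
             ]}}}},
    ],
})

# Constructed sample tuples. "document:readme" has only the public tuple
# (conditions 2 and 3 hold); "document:spec" also has a userset tuple, so
# condition 3 does not hold for it.
SAMPLE_TUPLES = [
    {"user": "team:*", "relation": "viewer", "object": "document:readme"},
    {"user": "team:*", "relation": "viewer", "object": "document:spec"},
    {"user": "team:eng#member", "relation": "viewer", "object": "document:spec"},
]


def find_risky_relations(model_json: str) -> list[tuple[str, str, str]]:
    """Condition 1: relations directly assignable to both a type-bound public
    access entry (type:*) and a userset entry (type#relation) of the same type.
    Returns (object_type, relation, user_type) triples."""
    model = json.loads(model_json)
    findings = []
    for td in model.get("type_definitions", []):
        obj_type = td["type"]
        rel_meta = td.get("metadata", {}).get("relations", {})
        for rel_name, meta in rel_meta.items():
            entries = meta.get("directly_related_user_types", [])
            wildcard_types = {e["type"] for e in entries if "wildcard" in e}
            for e in entries:
                if e.get("relation") and e["type"] in wildcard_types:
                    findings.append((obj_type, rel_name, e["type"]))
    return findings


def objects_matching_conditions(model_json: str, tuples: list[dict]) -> list[tuple[str, str, str]]:
    """Conditions 2 and 3: for each risky relation, objects that carry a
    type-bound public access tuple but no userset tuple of that user type.
    Returns (object, relation, user_type) triples."""
    results = []
    for obj_type, rel, user_type in find_risky_relations(model_json):
        public_objs = {
            t["object"] for t in tuples
            if t["relation"] == rel
            and t["user"] == f"{user_type}:*"
            and t["object"].startswith(obj_type + ":")
        }
        userset_objs = {
            t["object"] for t in tuples
            if t["relation"] == rel
            and t["user"].startswith(user_type + ":")
            and "#" in t["user"]
        }
        for obj in sorted(public_objs - userset_objs):
            results.append((obj, rel, user_type))
    return results


def is_fixed_version(version: str) -> bool:
    """True when the OpenFGA server version is v1.8.5 or later (the fix)."""
    parts = tuple(int(p) for p in version.lstrip("v").split("."))
    return parts >= (1, 8, 5)


if __name__ == "__main__":
    print("risky relations:", find_risky_relations(SAMPLE_MODEL))
    print("objects meeting conditions 1-3:",
          objects_matching_conditions(SAMPLE_MODEL, SAMPLE_TUPLES))
    print("v1.8.4 fixed?", is_fixed_version("v1.8.4"))
```

Run against a real deployment by exporting the active model (for example with the OpenFGA CLI) and the tuples for the affected object types; any non-empty result from `objects_matching_conditions` on a server older than v1.8.5 means the bypass conditions are present in stored data and the upgrade should be prioritised.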

© 2025 Chainguard. All Rights Reserved.