CVE-2025-23015

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2025-23015

CGA ID

CGA-2w49-58mr-2x8v

Severity

Unknown

Summary

Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions

Description

Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. An user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via unsafe actions to a system resource. Operators granting data MODIFY permission on all keyspaces on affected versions should review data access rules for potential breaches.

This issue affects Apache Cassandra through 3.0.30, 3.11.17, 4.0.15, 4.1.7, 5.0.2.

Users are recommended to upgrade to versions 3.0.31, 3.11.18, 4.0.16, 4.1.8, 5.0.3, which fixes the issue.

References

https://images.chainguard.dev/security/CGA-2w49-58mr-2x8v
https://github.com/advisories/GHSA-wmcc-9vch-jmx4
https://nvd.nist.gov/vuln/detail/CVE-2025-23015
https://github.com/apache/cassandra/commit/6207a305ba2b0cebc3241e00a843ab5dbf86d2ed
https://github.com/apache/cassandra/commit/f33267c8fae6d71166886efc3e7ddda4114ebeef
https://github.com/apache/cassandra
https://lists.apache.org/thread/jmks4msbgkl65ssg69x728sv1m0hwz3s
https://security.netapp.com/advisory/ntap-20250214-0006
http://www.openwall.com/lists/oss-security/2025/02/03/2
http://www.openwall.com/lists/oss-security/2025/02/11/1

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CVE-2025-23015

Severity

Summary

Description

References

Affected packages

Products

Why Chainguard

Customers

Company

Resources