CVE-2025-8791

Summary

A vulnerability was found in LitmusChaos Litmus up to 3.19.0. It has been rated as critical. This issue affects some unknown processing of the file /auth/list_projects. The manipulation of the argument role leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Affected Software

VendorProductVersion RangeStatus
LitmusChaosLitmus3.0affected
LitmusChaosLitmus3.1affected
LitmusChaosLitmus3.2affected
LitmusChaosLitmus3.3affected
LitmusChaosLitmus3.4affected
LitmusChaosLitmus3.5affected
LitmusChaosLitmus3.6affected
LitmusChaosLitmus3.7affected
LitmusChaosLitmus3.8affected
LitmusChaosLitmus3.9affected
LitmusChaosLitmus3.10affected
LitmusChaosLitmus3.11affected
LitmusChaosLitmus3.12affected
LitmusChaosLitmus3.13affected
LitmusChaosLitmus3.14affected
LitmusChaosLitmus3.15affected
LitmusChaosLitmus3.16affected
LitmusChaosLitmus3.17affected
LitmusChaosLitmus3.18affected
LitmusChaosLitmus3.19.0affected

Weaknesses

  • CWE-285: Improper Authorization
  • CWE-266: Incorrect Privilege Assignment

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

Additional References

References