CVE-2025-8793

Summary

A vulnerability classified as problematic was found in LitmusChaos Litmus up to 3.19.0. Affected by this vulnerability is an unknown functionality. The manipulation of the argument projectID leads to improper control of resource identifiers. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Affected Software

VendorProductVersion RangeStatus
LitmusChaosLitmus3.0affected
LitmusChaosLitmus3.1affected
LitmusChaosLitmus3.2affected
LitmusChaosLitmus3.3affected
LitmusChaosLitmus3.4affected
LitmusChaosLitmus3.5affected
LitmusChaosLitmus3.6affected
LitmusChaosLitmus3.7affected
LitmusChaosLitmus3.8affected
LitmusChaosLitmus3.9affected
LitmusChaosLitmus3.10affected
LitmusChaosLitmus3.11affected
LitmusChaosLitmus3.12affected
LitmusChaosLitmus3.13affected
LitmusChaosLitmus3.14affected
LitmusChaosLitmus3.15affected
LitmusChaosLitmus3.16affected
LitmusChaosLitmus3.17affected
LitmusChaosLitmus3.18affected
LitmusChaosLitmus3.19.0affected

Weaknesses

  • CWE-99: Improper Control of Resource Identifiers

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

Additional References

References