CVE-2025-8794

Summary

A vulnerability, which was classified as problematic, has been found in LitmusChaos Litmus up to 3.19.0. Affected by this issue is some unknown functionality of the component LocalStorage Handler. The manipulation of the argument projectID leads to authorization bypass. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Affected Software

VendorProductVersion RangeStatus
LitmusChaosLitmus3.0affected
LitmusChaosLitmus3.1affected
LitmusChaosLitmus3.2affected
LitmusChaosLitmus3.3affected
LitmusChaosLitmus3.4affected
LitmusChaosLitmus3.5affected
LitmusChaosLitmus3.6affected
LitmusChaosLitmus3.7affected
LitmusChaosLitmus3.8affected
LitmusChaosLitmus3.9affected
LitmusChaosLitmus3.10affected
LitmusChaosLitmus3.11affected
LitmusChaosLitmus3.12affected
LitmusChaosLitmus3.13affected
LitmusChaosLitmus3.14affected
LitmusChaosLitmus3.15affected
LitmusChaosLitmus3.16affected
LitmusChaosLitmus3.17affected
LitmusChaosLitmus3.18affected
LitmusChaosLitmus3.19.0affected

Weaknesses

  • CWE-639: Authorization Bypass
  • CWE-285: Improper Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

Additional References

References