CVE-2025-8797

Summary

A vulnerability was found in LitmusChaos Litmus up to 3.19.0 and classified as critical. This issue affects some unknown processing of the component LocalStorage Handler. The manipulation leads to permission issues. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Affected Software

VendorProductVersion RangeStatus
LitmusChaosLitmus3.0affected
LitmusChaosLitmus3.1affected
LitmusChaosLitmus3.2affected
LitmusChaosLitmus3.3affected
LitmusChaosLitmus3.4affected
LitmusChaosLitmus3.5affected
LitmusChaosLitmus3.6affected
LitmusChaosLitmus3.7affected
LitmusChaosLitmus3.8affected
LitmusChaosLitmus3.9affected
LitmusChaosLitmus3.10affected
LitmusChaosLitmus3.11affected
LitmusChaosLitmus3.12affected
LitmusChaosLitmus3.13affected
LitmusChaosLitmus3.14affected
LitmusChaosLitmus3.15affected
LitmusChaosLitmus3.16affected
LitmusChaosLitmus3.17affected
LitmusChaosLitmus3.18affected
LitmusChaosLitmus3.19.0affected

Weaknesses

  • CWE-275: Permission Issues
  • CWE-266: Incorrect Privilege Assignment

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

Additional References

References