{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-23015", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "state": "PUBLISHED", "assignerShortName": "apache", "dateReserved": "2025-01-10T03:33:46.731Z", "datePublished": "2025-02-04T09:37:18.580Z", "dateUpdated": "2025-02-15T00:10:34.356Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Apache Cassandra", "vendor": "Apache Software Foundation", "versions": [{"lessThanOrEqual": "3.0.30", "status": "affected", "version": "3.0.0", "versionType": "semver"}, {"lessThanOrEqual": "3.11.17", "status": "affected", "version": "3.1.0", "versionType": "semver"}, {"lessThanOrEqual": "4.0.15", "status": "affected", "version": "4.0.0", "versionType": "semver"}, {"lessThanOrEqual": "4.1.7", "status": "affected", "version": "4.1.0", "versionType": "semver"}, {"lessThanOrEqual": "5.0.2", "status": "affected", "version": "5.0.0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Adam Pond of Apple Services Engineering Security"}, {"lang": "en", "type": "finder", "value": "Ali Mirheidari of Apple Services Engineering Security"}, {"lang": "en", "type": "finder", "value": "Terry Thibault of Apple Services Engineering Security"}, {"lang": "en", "type": "finder", "value": "Will Brattain of Apple Services Engineering Security"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. An user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via unsafe actions to a system resource. Operators granting data MODIFY permission on all keyspaces on affected versions should review data access rules for potential breaches.<br><br>This issue affects Apache Cassandra through 3.0.30, 3.11.17, 4.0.15, 4.1.7, 5.0.2.<br><br>Users are recommended to upgrade to versions 3.0.31, 3.11.18, 4.0.16, 4.1.8, 5.0.3, which fixes the issue.<br>"}], "value": "Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. An user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via unsafe actions to a system resource. Operators granting data MODIFY permission on all keyspaces on affected versions should review data access rules for potential breaches.\n\nThis issue affects Apache Cassandra through 3.0.30, 3.11.17, 4.0.15, 4.1.7, 5.0.2.\n\nUsers are recommended to upgrade to versions 3.0.31, 3.11.18, 4.0.16, 4.1.8, 5.0.3, which fixes the issue."}], "metrics": [{"other": {"content": {"text": "moderate"}, "type": "Textual description of severity"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-267", "description": "CWE-267 Privilege Defined With Unsafe Actions", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2025-02-04T09:37:18.580Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://lists.apache.org/thread/jmks4msbgkl65ssg69x728sv1m0hwz3s"}], "source": {"discovery": "UNKNOWN"}, "title": "Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2025/02/03/2"}, {"url": "http://www.openwall.com/lists/oss-security/2025/02/11/1"}, {"url": "https://security.netapp.com/advisory/ntap-20250214-0006/"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-02-15T00:10:34.356Z"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-02-04T18:28:23.512076Z", "id": "CVE-2025-23015", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-04T18:28:55.466Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2025/02/03/2"}, {"url": "http://www.openwall.com/lists/oss-security/2025/02/11/1"}, {"url": "https://security.netapp.com/advisory/ntap-20250214-0006/"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-02-15T00:10:34.356Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-23015", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-02-04T18:28:23.512076Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-04T18:28:50.518Z"}}], "cna": {"title": "Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Adam Pond of Apple Services Engineering Security"}, {"lang": "en", "type": "finder", "value": "Ali Mirheidari of Apple Services Engineering Security"}, {"lang": "en", "type": "finder", "value": "Terry Thibault of Apple Services Engineering Security"}, {"lang": "en", "type": "finder", "value": "Will Brattain of Apple Services Engineering Security"}], "metrics": [{"other": {"type": "Textual description of severity", "content": {"text": "moderate"}}}], "affected": [{"vendor": "Apache Software Foundation", "product": "Apache Cassandra", "versions": [{"status": "affected", "version": "3.0.0", "versionType": "semver", "lessThanOrEqual": "3.0.30"}, {"status": "affected", "version": "3.1.0", "versionType": "semver", "lessThanOrEqual": "3.11.17"}, {"status": "affected", "version": "4.0.0", "versionType": "semver", "lessThanOrEqual": "4.0.15"}, {"status": "affected", "version": "4.1.0", "versionType": "semver", "lessThanOrEqual": "4.1.7"}, {"status": "affected", "version": "5.0.0", "versionType": "semver", "lessThanOrEqual": "5.0.2"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://lists.apache.org/thread/jmks4msbgkl65ssg69x728sv1m0hwz3s", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. An user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via unsafe actions to a system resource. Operators granting data MODIFY permission on all keyspaces on affected versions should review data access rules for potential breaches.\n\nThis issue affects Apache Cassandra through 3.0.30, 3.11.17, 4.0.15, 4.1.7, 5.0.2.\n\nUsers are recommended to upgrade to versions 3.0.31, 3.11.18, 4.0.16, 4.1.8, 5.0.3, which fixes the issue.", "supportingMedia": [{"type": "text/html", "value": "Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. An user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via unsafe actions to a system resource. Operators granting data MODIFY permission on all keyspaces on affected versions should review data access rules for potential breaches.<br><br>This issue affects Apache Cassandra through 3.0.30, 3.11.17, 4.0.15, 4.1.7, 5.0.2.<br><br>Users are recommended to upgrade to versions 3.0.31, 3.11.18, 4.0.16, 4.1.8, 5.0.3, which fixes the issue.<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-267", "description": "CWE-267 Privilege Defined With Unsafe Actions"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2025-02-04T09:37:18.580Z"}}}, "cveMetadata": {"cveId": "CVE-2025-23015", "state": "PUBLISHED", "dateUpdated": "2025-02-15T00:10:34.356Z", "dateReserved": "2025-01-10T03:33:46.731Z", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "datePublished": "2025-02-04T09:37:18.580Z", "assignerShortName": "apache"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:cassandra:*:*:*:*:*:*:*:*", "matchCriteriaId": "7EBD1031-1C25-4CAC-B773-6947C69DB7FB", "versionEndExcluding": "3.0.31", "versionStartIncluding": "3.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cassandra:*:*:*:*:*:*:*:*", "matchCriteriaId": "943AAE20-EEC3-4D9B-9589-6F873C26AE0D", "versionEndExcluding": "3.11.18", "versionStartIncluding": "3.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cassandra:*:*:*:*:*:*:*:*", "matchCriteriaId": "282DA169-6FCB-4381-9B68-CAA2D415E64D", "versionEndExcluding": "4.0.16", "versionStartIncluding": "4.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cassandra:*:*:*:*:*:*:*:*", "matchCriteriaId": "B436C4E3-A38B-42E4-AFF4-C057BE7E156C", "versionEndExcluding": "4.1.8", "versionStartIncluding": "4.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cassandra:*:*:*:*:*:*:*:*", "matchCriteriaId": "7BFBF10F-8408-495D-99E6-AE122CDD87CC", "versionEndExcluding": "5.0.3", "versionStartIncluding": "5.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. An user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via unsafe actions to a system resource. Operators granting data MODIFY permission on all keyspaces on affected versions should review data access rules for potential breaches.\n\nThis issue affects Apache Cassandra through 3.0.30, 3.11.17, 4.0.15, 4.1.7, 5.0.2.\n\nUsers are recommended to upgrade to versions 3.0.31, 3.11.18, 4.0.16, 4.1.8, 5.0.3, which fixes the issue."}, {"lang": "es", "value": "Vulnerabilidad de privilegios definidos con acciones no seguras en Apache Cassandra. Un usuario con permiso MODIFY ON ALL KEYSPACES puede escalar privilegios a superusuario dentro de un cl\u00faster de Cassandra de destino mediante acciones no seguras a un recurso del sistema. Los operadores que otorgan permiso MODIFY a los datos en todos los espacios de claves en las versiones afectadas deben revisar las reglas de acceso a los datos para detectar posibles infracciones. Este problema afecta a Apache Cassandra hasta las versiones 3.0.30, 3.11.17, 4.0.15, 4.1.7, 5.0.2. Se recomienda a los usuarios que actualicen a las versiones 3.0.31, 3.11.18, 4.0.16, 4.1.8, 5.0.3, que solucionan el problema."}], "id": "CVE-2025-23015", "lastModified": "2025-07-14T12:44:57.403", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-02-04T10:15:09.097", "references": [{"source": "security@apache.org", "tags": ["Mailing List", "Vendor Advisory", "Issue Tracking"], "url": "https://lists.apache.org/thread/jmks4msbgkl65ssg69x728sv1m0hwz3s"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2025/02/03/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2025/02/11/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20250214-0006/"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-267"}], "source": "security@apache.org", "type": "Secondary"}]}

{"bugzilla": {"description": "org.apache.cassandra:cassandra-all: Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions", "id": "2343722", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2343722"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N", "status": "draft"}, "cwe": "CWE-267", "details": ["Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. An user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via unsafe actions to a system resource. Operators granting data MODIFY permission on all keyspaces on affected versions should review data access rules for potential breaches.\nThis issue affects Apache Cassandra through 3.0.30, 3.11.17, 4.0.15, 4.1.7, 5.0.2.\nUsers are recommended to upgrade to versions 3.0.31, 3.11.18, 4.0.16, 4.1.8, 5.0.3, which fixes the issue.", "A flaw was found in Apache Cassandra. This vulnerability allows a user with MODIFY permission ON ALL KEYSPACES to escalate privileges to a superuser within a targeted Cassandra cluster via unsafe actions to a system resource. Operators granting data MODIFY permission on all keyspaces on affected versions should review data access rules for potential breaches."], "name": "CVE-2025-23015", "package_state": [{"cpe": "cpe:/a:redhat:a_mq_clients:2", "fix_state": "Not affected", "package_name": "org.apache.cassandra/cassandra-all", "product_name": "A-MQ Clients 2"}, {"cpe": "cpe:/a:redhat:jboss_data_grid:8", "fix_state": "Will not fix", "package_name": "org.apache.cassandra/cassandra-all", "product_name": "Red Hat Data Grid 8"}, {"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Out of support scope", "package_name": "org.apache.cassandra/cassandra-all", "product_name": "Red Hat Fuse 7"}, {"cpe": "cpe:/a:redhat:integration:1", "fix_state": "Will not fix", "package_name": "org.apache.cassandra/cassandra-all", "product_name": "Red Hat Integration Camel K 1"}, {"cpe": "cpe:/a:redhat:jboss_data_grid:7", "fix_state": "Out of support scope", "package_name": "org.apache.cassandra/cassandra-all", "product_name": "Red Hat JBoss Data Grid 7"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7", "fix_state": "Not affected", "package_name": "cassandra-all", "product_name": "Red Hat JBoss Enterprise Application Platform 7"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "fix_state": "Not affected", "package_name": "cassandra-all", "product_name": "Red Hat JBoss Enterprise Application Platform 8"}, {"cpe": "cpe:/a:redhat:jbosseapxp", "fix_state": "Not affected", "package_name": "org.apache.cassandra/cassandra-all", "product_name": "Red Hat JBoss Enterprise Application Platform Expansion Pack"}, {"cpe": "cpe:/a:redhat:amq_streams:1", "fix_state": "Not affected", "package_name": "org.apache.cassandra/cassandra-all", "product_name": "streams for Apache Kafka"}], "public_date": "2025-02-04T09:37:18Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-23015\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-23015\nhttps://lists.apache.org/thread/jmks4msbgkl65ssg69x728sv1m0hwz3s"], "threat_severity": "Moderate"}