PT-2025-4767 · Apache · Apache Cassandra

Adam Pond +3 · Published 2025-01-10 · Updated 2026-05-18 · CVE-2025-23015

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions
Apache Cassandra versions 3.0.30, 3.11.17, 4.0.15, 4.1.7, 5.0.2

Description
A privilege escalation issue exists in Apache Cassandra, where a user with MODIFY permission on all keyspaces can escalate privileges to superuser within a targeted Cassandra cluster via unsafe actions to a system resource. Operators granting data MODIFY permission on all keyspaces on affected versions should review data access rules for potential breaches.

Recommendations
To resolve the issue, upgrade to version 3.0.31, 3.11.18, 4.0.16, 4.1.8, or 5.0.3, which fix the issue. Operators should review data access rules for potential breaches.

Fix

LPE


Weakness Enumeration

Related identifiers

AZL-56436
AZL-56443
BDU:2025-01582
BIT-CASSANDRA-2025-23015
CLEANSTART-2026-CI66802
CLEANSTART-2026-DD05788
CLEANSTART-2026-KM27583
CLEANSTART-2026-SP91806
CLEANSTART-2026-VH41554
CVE-2025-23015
GHSA-WMCC-9VCH-JMX4

Affected products

Apache Cassandra