PT-2025-20866 · Mendix · Mendix Oidc Sso
Published: 2025-05-13 · Updated: 2025-05-13 · CVE-2025-40571
CVSS v3.1: 2.2 (Low)
Vector: AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions:
Mendix OIDC SSO (Mendix 10 compatible) versions prior to V4.0.0
Mendix OIDC SSO (Mendix 9 compatible) (affected versions not specified)
Description:
A vulnerability has been identified in the Mendix OIDC SSO module: affected versions grant read and write access to all tokens exclusively to the Administrator role. This could result in privilege misuse by an adversary who modifies the module during Mendix development.
Recommendations:
For Mendix OIDC SSO (Mendix 10 compatible) versions prior to V4.0.0, update to version V4.0.0 or later.
For Mendix OIDC SSO (Mendix 9 compatible), there is currently no information about a newer version that contains a fix for this vulnerability.
Tags: LPE · Incorrect Privilege Assignment
Affected Products: Mendix OIDC SSO