PT-2025-24459 · Apache+1 · Apache Cassandra+1
Adam Pond +3 · Published 2025-02-10 · Updated 2025-09-23 · CVE-2025-26467
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
Apache Cassandra versions 3.0.30
Apache Cassandra versions 3.11.17
Apache Cassandra versions 4.0.16
Apache Cassandra versions 4.1.7
Apache Cassandra versions 5.0.2
Description:
A privilege escalation issue exists in Apache Cassandra where a user with MODIFY permission on all keyspaces can escalate privileges to superuser within a targeted Cassandra cluster via unsafe actions to a system resource. This can potentially impact the confidentiality, integrity, and availability of protected information.
Recommendations:
Upgrade to Apache Cassandra version 4.0.17 to resolve the issue.
Follow the recommendations from CVE-2025-23015 for versions 3.0, 3.11, 4.1, and 5.0.
Affected Products
Apache Cassandra
Red Os