PT-2025-32469 · Unknown · Litmuschaos
Maique · Published 2025-08-10 · Updated 2025-08-13 · CVE-2025-8795
CVSS v3.1: 9.9 Critical
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
LitmusChaos Litmus versions prior to 3.19.1
Description:
A critical vulnerability exists in LitmusChaos Litmus. The issue affects an unknown part of the /auth/login file. Manipulation of the projectID argument results in improper access controls, allowing for remote exploitation. The exploit has been publicly disclosed and may be used. The vendor was contacted regarding this disclosure but did not respond.
Recommendations:
Update LitmusChaos Litmus to version 3.19.1 or later.
Exploit
Fix
Improper Access Control
Incorrect Privilege Assignment
Affected Products
Litmuschaos