CVE-2025-8796

Name of the Vulnerable Software and Affected Versions: LitmusChaos versions up to 3.19.0

Description: A problematic issue exists in LitmusChaos related to missing authorization checks within the Delete Request Handler component. The vulnerability resides in the /auth/delete project/ file and is triggered by manipulating the projectID argument. This allows for remote deletion without proper authorization. The exploit details have been publicly disclosed, and the vendor was notified but did not respond.

Recommendations: LitmusChaos versions prior to 3.19.0: At the moment, there is no information about a newer version that contains a fix for this vulnerability.