CVE-2025-57766

Name of the Vulnerable Software and Affected Versions: Fides versions prior to 2.69.1

Description: Fides is an open-source privacy engineering platform. Admin UI user password changes do not invalidate active user sessions prior to version 2.69.1, creating a vulnerability chaining opportunity. Attackers who have obtained session tokens through other attack vectors, such as cross-site scripting (XSS), can maintain access even after a password reset. This issue is not directly exploitable on its own and requires a prerequisite vulnerability to obtain valid session tokens.

Recommendations: Upgrade to version 2.69.1 or later.