CVE-2025-57815

Name of the Vulnerable Software and Affected Versions: Fides versions prior to 2.69.1

Description: Fides is an open-source privacy engineering platform. The Admin UI login endpoint relies on a general IP-based rate limit and lacks specific anti-automation controls, potentially allowing attackers to conduct credential testing attacks, such as credential stuffing or password spraying, against accounts with weak or previously compromised passwords.

Recommendations: Update to version 2.69.1 or later. For organizations with Fides Enterprise licenses, configure Single Sign-On (SSO) through an OIDC provider (like Azure, Google, or Okta) and disable username/password authentication.