PT-2025-38230 · Cisa · Thorium

Published

2025-09-17

·

Updated

2025-09-17

·

CVE-2025-35431

CVSS v3.1
5.4
VectorAV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CISA Thorium does not escape user controlled strings used in LDAP queries. An authenticated remote attacker can modify LDAP authorization data such as group memberships. Fixed in 1.1.1.

Fix

Weakness Enumeration

CWE-90

Related Identifiers

CVE-2025-35431

Affected Products

Thorium