PT-2025-41302 · Casdoor · Casdoor

Devhjz · Published 2025-10-08 · Updated 2025-11-07 · CVE-2025-61524

CVSS v3.1: 7.2 High

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Casdoor versions prior to 2.26.0

Description

A flaw exists in the permission verification module and organization/application editing interface. This allows remotely authenticated administrators of any organization to circumvent the system's permission checks by manipulating URLs after logging in.

Recommendations

Update to version 2.26.0 or later.

Exploit

Fix

Improper Authorization

Weakness Enumeration

Related Identifiers

CVE-2025-61524
GHSA-5M9M-J5P7-M7F9
GO-2025-4026
OPENSUSE-SU-2025:15710-1

Affected Products

Casdoor