CVE-2025-64751

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions OpenFGA versions 1.4.0 through 1.11.0

Description OpenFGA is an authorization/permission engine. Versions 1.4.0 through 1.11.0 are subject to improper policy enforcement during specific Check and ListObject calls.

Recommendations Update to version 1.11.1 or later.

Exploit

Fix

Improper Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-285

Related Identifiers

CVE-2025-64751

ECHO-5B8E-8853-EA82

GHSA-2C64-VMV2-HGFC

GO-2025-4150

OPENSUSE-SU-2026:20654-1

SUSE-SU-2025:4395-1

SUSE-SU-2025:4444-1

SUSE-SU-2025:4446-1

SUSE-SU-2025:4479-1

SUSE-SU-2025:4482-1

Affected Products

Openfga

CVE-2025-64751

Weakness Enumeration

Related Identifiers

Affected Products

References · 82