PT-2025-4767 · Apache · Apache Cassandra
Adam Pond +3
Published 2025-01-10 · Updated 2026-05-18
CVE-2025-23015
CVSS v2.0: 9.0 (High)
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Apache Cassandra versions 3.0.30, 3.11.17, 4.0.15, 4.1.7, 5.0.2
Description
A privilege escalation issue exists in Apache Cassandra, where a user with MODIFY permission on all keyspaces can escalate privileges to superuser within a targeted Cassandra cluster via unsafe actions to a system resource. Operators granting data MODIFY permission on all keyspaces on affected versions should review data access rules for potential breaches.
Recommendations
To resolve the issue, upgrade to version 3.0.31, 3.11.18, 4.0.16, 4.1.8, or 5.0.3, each of which fixes the issue in its release branch.
Operators should review data access rules for potential breaches.
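The two operator checks above (is a node still below its branch's fix release, and which roles hold MODIFY on all keyspaces) as an added audit example; this is not code from the advisory or from the Cassandra project. It assumes permission rows shaped like `system_auth.role_permissions` (role, resource, permissions), where the resource string `data` denotes all keyspaces, and a set of superuser role names; the sample rows are constructed.

```python
"""Audit helpers for CVE-2025-23015 (Apache Cassandra privilege escalation).

Added example, not advisory or project code. Assumes rows shaped like
system_auth.role_permissions (role, resource, permissions), where the
resource "data" is the root of all keyspaces, plus the set of superuser
roles from system_auth.roles. All sample data below is constructed.
"""
from __future__ import annotations

# Fix release per branch, taken from the advisory's recommendation.
FIXED_BY_BRANCH = {"3.0": (3, 0, 31), "3.11": (3, 11, 18), "4.0": (4, 0, 16),
                   "4.1": (4, 1, 8), "5.0": (5, 0, 3)}


def parse_version(v: str) -> tuple[int, ...]:
    """Turn '4.1.7' into (4, 1, 7); a '-SNAPSHOT' style suffix is ignored."""
    return tuple(int(p) for p in v.split("-")[0].split("."))


def needs_upgrade(version: str) -> bool | None:
    """True if the node is on a covered branch but below that branch's fix.
    None means the branch is not named by the advisory (e.g. 2.x)."""
    parts = parse_version(version)
    branch = ".".join(str(p) for p in parts[:2])
    fixed = FIXED_BY_BRANCH.get(branch)
    if fixed is None:
        return None
    return parts < fixed


def roles_with_modify_on_all_keyspaces(perm_rows, superusers):
    """Non-superuser roles holding MODIFY on the root data resource.
    Superusers are skipped because they already hold every permission."""
    flagged = set()
    for role, resource, permissions in perm_rows:
        if resource == "data" and "MODIFY" in permissions and role not in superusers:
            flagged.add(role)
    return sorted(flagged)


# Constructed sample, shaped like:
#   SELECT role, resource, permissions FROM system_auth.role_permissions;
SAMPLE_PERMS = [
    ("etl_writer", "data", {"SELECT", "MODIFY"}),          # all keyspaces: flag
    ("app_user", "data/shop", {"SELECT", "MODIFY"}),       # single keyspace: fine
    ("cassandra", "data", {"MODIFY", "SELECT", "ALTER"}),  # superuser: skipped
    ("reader", "data", {"SELECT"}),                        # no MODIFY: fine
]
SAMPLE_SUPERUSERS = {"cassandra"}

if __name__ == "__main__":
    labels = {True: "below fix, upgrade", False: "at/above fix", None: "branch not covered"}
    for v in ("4.1.7", "4.1.8", "5.0.2", "2.2.19"):
        print(v, labels[needs_upgrade(v)])
    print("review:", roles_with_modify_on_all_keyspaces(SAMPLE_PERMS, SAMPLE_SUPERUSERS))
```

Any role returned by the second function should be reviewed against the advisory's warning, and its grants narrowed to the keyspaces it actually needs.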
Fix
LPE
Affected Products
Apache Cassandra