CVE-2025-65111

Name of the Vulnerable Software and Affected Versions SpiceDB versions prior to 1.47.1

Description SpiceDB is a database system used for managing security-critical application permissions. Versions of SpiceDB prior to 1.47.1 may exhibit incomplete LookupResources results when checking permissions under specific schema configurations. This occurs when a schema defines a permission using a union (+) operator, and that union references the same relation on both sides, but with one side pointing to a different permission. Other APIs correctly calculate permissionship.

Recommendations Update to version 1.47.1 or later.