PT-2025-5347 · Unknown+1 · Vaultwarden+1

Elizarbatin · Published 2024-06-25 · Updated 2025-08-20 · CVE-2025-24365

CVSS v2.0: 8.5 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:N

Name of the Vulnerable Software and Affected Versions

Vaultwarden versions prior to 1.33.0

Description

The issue allows an attacker to obtain owner rights of another organization. To exploit this, the attacker must know the ID of the victim organization and be the owner or admin of another organization. The second condition can be met by default, as anyone can create their own organization. The estimated number of potentially affected devices is not specified.

Recommendations

For versions prior to 1.33.0, upgrade to version 1.33.0 to prevent unauthorized access. As a temporary workaround, consider restricting access to the organization management functionality until the issue is resolved. Additionally, it is recommended to disable any unused functionality in the application to minimize the risk of exploitation.

Exploit

Fix

Improper Access Control

Weakness Enumeration

Related Identifiers

ALT-PU-2025-5575
BDU:2025-05021
CVE-2025-24365
GHSA-J4H8-VCH3-F797

Affected Products

Alt Linux
Vaultwarden