CVE-2025-14987

🗓️ 30 Dec 2025 20:16:20Reported by TemporalType

Cross Namespace Commands may let a worker act in another namespace despite authorization, bypassing the gRPC boundary.

Reporter	Title	Published	Views	Family All 20
Circl	CVE-2025-14987	24 Jan 202622:43	–	circl
CNNVD	Temporal—durable 安全漏洞	30 Dec 202500:00	–	cnnvd
Cvelist	CVE-2025-14987 Cross Namespace Commands Authorization Bypass	30 Dec 202520:16	–	cvelist
EUVD	EUVD-2025-205855	30 Dec 202521:30	–	euvd
Github Security Blog	Temporal has an Incorrect Authorization vulnerability	30 Dec 202521:30	–	github
NVD	CVE-2025-14987	30 Dec 202521:15	–	nvd
OSV	GHSA-HMHP-GH8M-C8XP Temporal has an Incorrect Authorization vulnerability	30 Dec 202521:30	–	osv
OSV	GO-2026-4273 Temporal has an Incorrect Authorization vulnerability in go.temporal.io/server	14 Jan 202619:15	–	osv
OSV	SUSE-SU-2026:0142-1 Security update for govulncheck-vulndb	17 Jan 202607:33	–	osv
Positive Technologies	PT-2025-52239	18 Dec 202500:00	–	ptsecurity

[
  {
    "collectionURL": "https://github.com/temporalio/temporal",
    "defaultStatus": "unaffected",
    "packageName": "temporal",
    "product": "Temporal",
    "repo": "https://github.com/temporalio/temporal",
    "vendor": "Temporal",
    "versions": [
      {
        "lessThanOrEqual": "1.29.1",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "1.28.1",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "1.27.3",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
github	www.github.com/temporalio/temporal/releases/tag/v1.29.2
github	www.github.com/temporalio/temporal/releases/tag/v1.28.2
github	www.github.com/temporalio/temporal/releases/tag/v1.27.4

15 Apr 2026 00:35Current

6.9Medium risk

Vulners AI Score6.9

CVSS 45.3

EPSS0.00021

SSVC

CWE-863