CVE-2025-8796

🗓️ 10 Aug 2025 06:02:06Reported by VulDBType

cve🔗 web.nvd.nist.gov👁 14 Views🌐 WEB

CVE-2025-8796: LitmusChaos up to 3.19.0 remote authorization bypass via projectID in /auth/delete_project/; public disclosure; vendor unresponsive

Reporter	Title	Published	Views	Family All 7
CNNVD	LitmusChaos 安全漏洞	10 Aug 202500:00	–	cnnvd
Cvelist	CVE-2025-8796 LitmusChaos Litmus Delete Request delete_project authorization	10 Aug 202506:02	–	cvelist
EUVD	EUVD-2025-24076	3 Oct 202520:07	–	euvd
NVD	CVE-2025-8796	10 Aug 202506:15	–	nvd
Positive Technologies	PT-2025-32470 · Unknown · Litmuschaos	10 Aug 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-8796	12 Aug 202506:36	–	redhatcve
Vulnrichment	CVE-2025-8796 LitmusChaos Litmus Delete Request delete_project authorization	10 Aug 202506:02	–	vulnrichment

NVD

Vulners

Node

litmuschaos litmusRange≤3.19.0

[
  {
    "vendor": "LitmusChaos",
    "product": "Litmus",
    "versions": [
      {
        "version": "3.0",
        "status": "affected"
      },
      {
        "version": "3.1",
        "status": "affected"
      },
      {
        "version": "3.2",
        "status": "affected"
      },
      {
        "version": "3.3",
        "status": "affected"
      },
      {
        "version": "3.4",
        "status": "affected"
      },
      {
        "version": "3.5",
        "status": "affected"
      },
      {
        "version": "3.6",
        "status": "affected"
      },
      {
        "version": "3.7",
        "status": "affected"
      },
      {
        "version": "3.8",
        "status": "affected"
      },
      {
        "version": "3.9",
        "status": "affected"
      },
      {
        "version": "3.10",
        "status": "affected"
      },
      {
        "version": "3.11",
        "status": "affected"
      },
      {
        "version": "3.12",
        "status": "affected"
      },
      {
        "version": "3.13",
        "status": "affected"
      },
      {
        "version": "3.14",
        "status": "affected"
      },
      {
        "version": "3.15",
        "status": "affected"
      },
      {
        "version": "3.16",
        "status": "affected"
      },
      {
        "version": "3.17",
        "status": "affected"
      },
      {
        "version": "3.18",
        "status": "affected"
      },
      {
        "version": "3.19.0",
        "status": "affected"
      }
    ],
    "modules": [
      "Delete Request Handler"
    ]
  }
]

Source	Link
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/
github	www.github.com/MaiqueSilva/VulnDB/blob/main/readme06.md
vuldb	www.vuldb.com/

Parameter	Position	Path	Description	CWE
projectID	request body	/auth/delete_project/	Missing authorization due to manipulated projectID in delete_project endpoint	CWE-862, CWE-863

29 Apr 2026 01:00Current

7.2High risk

Vulners AI Score7.2

CVSS 45.3

CVSS 3.15.4

CVSS 25.5

CVSS 35.4

EPSS0.00088

SSVC

litmuschaos remote exploit authorization bypass project id delete endpoint public disclosure vendor unresponsive