
5 matches found

Vulnrichment
added 2025/11/21 1:24 a.m. · 3 views

CVE-2025-64751 OpenFGA Improper Policy Enforcement

OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA v1.4.0 to v1.11.0 openfga-0.1.34 = Helm chart = openfga-0.2.48, v.1.4.0 = docker = v.1.11.0 are vulnerable to improper policy enforcement when certain Check and...

CVSS 5.8 · AI score 6.5 · EPSS 0.00246
Exploits: 0 · References: 2

OSV
added 2025/11/21 1:24 a.m. · 3 views

CVE-2025-64751 OpenFGA Improper Policy Enforcement

OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA v1.4.0 to v1.11.0 openfga-0.1.34 = Helm chart = openfga-0.2.48, v.1.4.0 = docker = v.1.11.0 are vulnerable to improper policy enforcement when certain Check and...

CVSS 5.8 · AI score 6.8 · EPSS 0.00246
Exploits: 0 · References: 4

Veracode
added 2025/09/08 7:35 a.m. · 4 views

Authorization Bypass

github.com/openfga/openfga is vulnerable to Authorization Bypass. The vulnerability is due to improper enforcement of access control policies during execution of Check and ListObject calls in OpenFGA, which allows an attacker to bypass intended access control and gain unauthorized permissions...

CVSS 9.8 · AI score 6.9 · EPSS 0.00295
Exploits: 0 · References: 4 · Affected Software: 1

Positive Technologies
added 2025/08/18 12:0 a.m. · 5 views

PT-2025-33691 · Openfga · Openfga

Name of the Vulnerable Software and Affected Versions: OpenFGA versions 1.9.3 through 1.9.4 Description: OpenFGA is an authorization/permission engine. Versions 1.9.3 through 1.9.4 are susceptible to improper policy enforcement during specific Check and ListObject calls. Recommendations: Upgrade ...

CVSS 5.8 · AI score 7.2 · EPSS 0.00295
Exploits: 0 · References: 10

SUSE CVE
added 2025/05/21 12:45 a.m. · 2 views

SUSE CVE-2025-46331

OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA v1.8.10 to v1.3.6 Helm chart = openfga-0.2.28, docker = v.1.8.10 are vulnerable to authorization bypass when certain Check and ListObject calls are executed. Th...

CVSS 9.8 · AI score 6.9 · EPSS 0.00327
Exploits: 0 · References: 3