CVE-2025-35431

CVE-2025-35431 affects CISA Thorium: LDAP injection arises from not escaping user-controlled LDAP query strings. An authenticated remote attacker could modify LDAP authorization data (e.g., group memberships). Root cause is lack of escaping in LDAP queries; impact includes potential unauthorized ...