Thorium Security Vulnerabilities and Issues — Thorium CVE List

Lucene search

CisaThorium

5 matches found

CVE•added 2025/09/17 5:15 p.m.•6 views

CVE-2025-35431

CISA Thorium does not escape user controlled strings used in LDAP queries. An authenticated remote attacker can modify LDAP authorization data such as group memberships. Fixed in 1.1.1.

5.4CVSS6.5AI score0.00048EPSS

CVE•added 2025/09/17 5:15 p.m.•6 views

CVE-2025-35433

CISA Thorium does not properly invalidate previously used tokens when resetting passwords. An attacker that possesses a previously used token could still log in after a password reset. Fixed in 1.1.1.

8.8CVSS6.6AI score0.00047EPSS

CVE•added 2025/09/17 5:15 p.m.•6 views

CVE-2025-35434

CISA Thorium does not validate TLS certificates when connecting to Elasticsearch. An unauthenticated attacker with access to a Thorium cluster could impersonate the Elasticsearch service. Fixed in 1.1.2.

9.8CVSS6.5AI score0.00024EPSS

CVE•added 2025/09/17 5:15 p.m.•6 views

CVE-2025-35435

CISA Thorium accepts a stream split size of zero then divides by this value. A remote, authenticated attacker could cause the service to crash. Fixed in commit 89101a6.

5.3CVSS6.3AI score0.00106EPSS

CVE•added 2025/09/17 5:15 p.m.•5 views

CVE-2025-35432

CISA Thorium does not rate limit requests to send account verification email messages. A remote unauthenticated attacker can send unlimited messages to a user who is pending verification. Fixed in 1.1.1 by adding a rate limit set by default to 10 minutes.

7.5CVSS6.6AI score0.00133EPSS