CVE-2025-24365
Published 2025-01-27
Priority: P3 · Severity: high · CVSS 3.1 base score: 7.5
CVSS 3.1 vector: AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.65% (46.7th percentile)
vaultwarden is an unofficial Bitwarden-compatible server written in Rust, formerly known as bitwarden_rs. An attacker can obtain owner rights over another organization. To carry out the attack, the attacker must know the ID of the victim organization (in a realistic case the attacker is already an unprivileged member of that organization) and must be the owner/admin of some other organization (by default, any user can create their own organization). This vulnerability is fixed in 1.33.0.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dani-garcia | vaultwarden | < 1.33.0 | 1.33.0 |
No advisories linked to this vulnerability.
Suricata
ET WEB_SPECIFIC_APPS Vaultwarden Escalation of Privilege via OrgHeaders Variable Confusion (CVE-2025-24365)
suricata·2025-12-09·CVSS 8.1
Rule: alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Vaultwarden Escalation of Privilege via OrgHeaders Variable Confusion (CVE-2025-24365)"; flow:established,to_server; http.uri; content:"/api/organizations/"; fast_pattern; startswith; pcre:"/^(?P<orgid>[^\x2f]+).*?organizationId\x3d(?!(?P=orgid))/R"; reference:url,github.com/dani-garcia/vaultwarden/security/advisories/GHSA-j4h8-vch3-f797; reference:cve,2025-24365; classtype:web-application-attack; sid:2066208; rev:1; metadata:attack_target Server, tls_state TLSDecrypt, created_at 2025_12_09, cve CVE_2025_24365, deployment Perimeter, deployment Internal, deployment SSLDecrypt, confidence High, signature_severity Major, tag
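To see what the rule's URI check flags before deploying it, the following added Python emulation (not part of this page or of the ET rule set) applies the rule's regex and a structured path-versus-query comparison to constructed sample URIs; `PREFIX`, `SAMPLE_URIS` and the `org-aaaa`/`org-bbbb` ids are assumptions. The third sample shows the greedy capture also firing when the organization id is immediately followed by the query string, a false positive the structured check avoids.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Prefix anchored by the rule's content:"/api/organizations/"; startswith.
# The pcre with /R is evaluated relative to the end of that content match.
PREFIX = "/api/organizations/"

# The rule's PCRE translated to Python re: capture the path segment after the
# prefix as "orgid" and alert when organizationId= is followed by a value that
# does not begin with that same id.
ORG_MISMATCH = re.compile(r"^(?P<orgid>[^/]+).*?organizationId=(?!(?P=orgid))")


def rule_regex_fires(uri: str) -> bool:
    """Emulate the ET rule's URI checks on one normalized request URI."""
    if not uri.startswith(PREFIX):
        return False
    return ORG_MISMATCH.search(uri[len(PREFIX):]) is not None


def org_ids_disagree(uri: str) -> bool:
    """Structured check: path organization id vs. organizationId query values."""
    parts = urlsplit(uri)
    if not parts.path.startswith(PREFIX):
        return False
    path_org = parts.path[len(PREFIX):].split("/", 1)[0]
    values = parse_qs(parts.query).get("organizationId", [])
    return any(value != path_org for value in values)


# Constructed sample URIs; the org ids are placeholders, not real Vaultwarden data.
SAMPLE_URIS = [
    "/api/organizations/org-aaaa/users?organizationId=org-aaaa",  # consistent ids
    "/api/organizations/org-aaaa/users?organizationId=org-bbbb",  # mismatch
    "/api/organizations/org-aaaa?organizationId=org-aaaa",        # consistent, no path tail
    "/api/ciphers?organizationId=org-bbbb",                       # outside the rule's prefix
]


def triage(uris=SAMPLE_URIS):
    """Return {uri: (regex_fires, ids_disagree)} so both checks can be compared."""
    return {u: (rule_regex_fires(u), org_ids_disagree(u)) for u in uris}


if __name__ == "__main__":
    for uri, (regex_hit, structured_hit) in triage().items():
        print(f"regex={regex_hit!s:5} structured={structured_hit!s:5} {uri}")
```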
No public exploits indexed.
No writeups or analysis indexed.
2025-01-27: Published