CVE-2025-24365
published 2025-01-27


Priority: P3 (44)
Severity: high, CVSS 3.1 base score 7.5
CVSS 3.1 vector: AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.65% (46.7th percentile)
vaultwarden is an unofficial Bitwarden-compatible server written in Rust, formerly known as bitwarden_rs. An attacker can obtain owner rights over another organization. To do so, the attacker must know the ID of the victim organization (in a realistic case the attacker is already an unprivileged member of that organization) and must be an owner or admin of a different organization (by default any user can create their own organization). This vulnerability is fixed in 1.33.0.

Affected

1 range

Vendor        Product       Version range   Fixed in
dani-garcia   vaultwarden   < 1.33.0        1.33.0