CVE-2025-4210
published 2025-05-02CVE-2025-4210: A vulnerability classified as critical was found in Casdoor up to 1.811.0. This vulnerability affects the function HandleScim of the file controllers/scim.go…
PriorityP277high7.3CVSS 3.1
AVNACLPRNUINSUCLILAL
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
1.81%
76.0th percentile
A vulnerability classified as critical was found in Casdoor up to 1.811.0. This vulnerability affects the function HandleScim of the file controllers/scim.go of the component SCIM User Creation Endpoint. The manipulation leads to authorization bypass. The attack can be initiated remotely. Upgrading to version 1.812.0 is able to address this issue. The name of the patch is 3d12ac8dc2282369296c3386815c00a06c6a92fe. It is recommended to upgrade the affected component.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | casdoor_casdoor | >= 0 < 1.812.0 | 1.812.0 |
Detection & IOCsextracted from sources · hover to see the quote
- →Unauthenticated GET request to /scim/v2/Users or /api/scim/v2/Users returning HTTP 200 with SCIM JSON body indicates successful authorization bypass ↗
- →Response Content-Type header of 'application/scim+json' or 'application/json' combined with body keywords 'schemas', 'totalResults', 'Resources', 'givenName' on the SCIM endpoint confirms exploitation ↗
- →Vulnerable versions are Casdoor up to and including 1.811.0; patched in 1.812.0 via commit 3d12ac8dc2282369296c3386815c00a06c6a92fe in HandleScim function ↗
- ·The Nuclei template uses stop-at-first-match across both SCIM endpoint paths, so only the first responding path is evaluated; both /scim/v2/Users and /api/scim/v2/Users should be tested independently in custom tooling ↗
- ·The template requires max-requests of 2 (one per path variant), meaning detection probes are limited and a non-200 on the first path will fall through to the second ↗
CVSS provenance
nvdv3.17.3HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
nvdv4.06.9MEDIUMCVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vulncheck6.9MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
Casdoor SCIM User Creation Endpoint scim.go HandleScim authorization in github.com/casdoor/casdoor
osv·2025-05-06
CVE-2025-4210 Casdoor SCIM User Creation Endpoint scim.go HandleScim authorization in github.com/casdoor/casdoor
Casdoor SCIM User Creation Endpoint scim.go HandleScim authorization in github.com/casdoor/casdoor
Casdoor SCIM User Creation Endpoint scim.go HandleScim authorization in github.com/casdoor/casdoor
OSV
Casdoor SCIM User Creation Endpoint scim.go HandleScim authorization in github.com/casdoor/casdoor
osv·2025-05-02
CVE-2025-4210 [MEDIUM] Casdoor SCIM User Creation Endpoint scim.go HandleScim authorization in github.com/casdoor/casdoor
Casdoor SCIM User Creation Endpoint scim.go HandleScim authorization in github.com/casdoor/casdoor
A vulnerability classified as critical was found in Casdoor up to 1.811.0. This vulnerability affects the function HandleScim of the file controllers/scim.go of the component SCIM User Creation Endpoint. The manipulation leads to authorization bypass. The attack can be initiated remotely. Upgrading to version 1.812.0 is able to address this issue. The name of the patch is 3d12ac8dc2282369296c3386815c00a06c6a92fe. It is recommended to upgrade the affected component.
GHSA
Casdoor SCIM User Creation Endpoint scim.go HandleScim authorization in github.com/casdoor/casdoor
ghsa·2025-05-02
CVE-2025-4210 [MEDIUM] CWE-285 Casdoor SCIM User Creation Endpoint scim.go HandleScim authorization in github.com/casdoor/casdoor
Casdoor SCIM User Creation Endpoint scim.go HandleScim authorization in github.com/casdoor/casdoor
A vulnerability classified as critical was found in Casdoor up to 1.811.0. This vulnerability affects the function HandleScim of the file controllers/scim.go of the component SCIM User Creation Endpoint. The manipulation leads to authorization bypass. The attack can be initiated remotely. Upgrading to version 1.812.0 is able to address this issue. The name of the patch is 3d12ac8dc2282369296c3386815c00a06c6a92fe. It is recommended to upgrade the affected component.
VulnCheck
casbin casdoor Improper Authorization
vulncheck·2025·CVSS 6.9
CVE-2025-4210 [MEDIUM] casbin casdoor Improper Authorization
casbin casdoor Improper Authorization
A vulnerability classified as critical was found in Casdoor up to 1.811.0. This vulnerability affects the function HandleScim of the file controllers/scim.go of the component SCIM User Creation Endpoint. The manipulation leads to authorization bypass. The attack can be initiated remotely. Upgrading to version 1.812.0 is able to address this issue. The name of the patch is 3d12ac8dc2282369296c3386815c00a06c6a92fe. It is recommended to upgrade the affected component.
Affected: Casdoor Casdoor
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://www.cve.org/CVERecord?id=CVE-2025-4210; https://api.vulncheck.com/v3/inde
No detection rules found.
Nuclei
Casdoor - Authorization Bypass
nuclei·CVSS 6.9
CVE-2025-4210 [MEDIUM] Casdoor - Authorization Bypass
Casdoor - Authorization Bypass
Casdoor up to 1.811.0 contains an authorization bypass caused by manipulation in HandleScim function in controllers/scim.go, letting remote attackers bypass authorization, exploit requires remote access.
Template:
id: CVE-2025-4210
info:
name: Casdoor - Authorization Bypass
author: theamanrawat
severity: high
description: |
Casdoor up to 1.811.0 contains an authorization bypass caused by manipulation in HandleScim function in controllers/scim.go, letting remote attackers bypass authorization, exploit requires remote access.
impact: |
Attackers can bypass authorization, potentially gaining unauthorized access to sensitive data or functionalities.
remediation: |
Upgrade to version 1.812.0.
reference:
- https://github.com/casdoor/casdoor/commit/3d12ac8dc2282
2025-05-02
Published
Exploited in the wild