CVE-2025-57817
published 2025-09-08
Priority P3 | 45 | high | 7.2 (CVSS 3.1)
Vector: AV:N / AC:L / PR:H / UI:N / S:U / C:H / I:H / A:H
EPSS: 0.39% (31.0th percentile)
Fides is an open-source privacy engineering platform. Prior to version 2.69.1, the OAuth client creation and update endpoints of the Fides Webserver API do not properly authorize scope assignment. This allows highly privileged users with `client:create` or `client:update` permissions to escalate their privileges to owner-level. Version 2.69.1 fixes the issue. No known workarounds are available.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ethyca | fides | < 2.69.1 | 2.69.1 |
CVSS provenance
NVD · CVSS v3.1 · 7.2 HIGH · CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
NVD · CVSS v4.0 · 8.6 HIGH · CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
OSV
osv · 2025-09-08
CVE-2025-57817 [HIGH] Fides Webserver API is Vulnerable to OAuth Client Privilege Escalation
### Summary
The OAuth client creation and update endpoints of the Fides Webserver API do not properly authorize scope assignment. This allows highly privileged users with `client:create` or `client:update` permissions to escalate their privileges to owner-level.
### Details
When creating or updating OAuth clients, the API validates only that requested scopes exist in the system registry. It does not verify that the requester already possesses the scopes they are assigning, allowing these users to assign arbitrary scopes to OAuth clients.
### Impact
This allows contributor-level users to escalate to owner-equivalent privileges, gaining access to user management, system configuration, and permission assignment capabili
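The authorization gap described in the Details section, as an added Python illustration that is not Fides' own code: the flawed pattern checks only that each requested scope exists in the registry, while the hardened variant also requires that the requester already holds every scope it assigns. Only `client:create` and `client:update` are scope names taken from the advisory; the other scope names, the role definitions, the registry contents and the function names are constructed for this example and are not Fides' real registry or API.

```python
"""Scope assignment on an OAuth-client endpoint: registry-only check vs.
requester-bound check.

Added example, not code from the Fides project. Apart from
``client:create`` / ``client:update`` (named in the advisory), all scope
names, roles and registry contents below are constructed sample data.
"""
from dataclasses import dataclass, field

# Constructed scope registry: what a "does this scope exist?" check consults.
SCOPE_REGISTRY = frozenset({
    "client:create", "client:read", "client:update", "client:delete",
    "privacy-request:read", "privacy-request:review",
    "user:create", "user:delete", "user:permission-assign",
    "config:update",
})

# Constructed roles: a contributor-like role that may manage OAuth clients,
# and an owner-like role holding every registered scope.
CONTRIBUTOR_SCOPES = frozenset({
    "client:create", "client:update", "client:read",
    "privacy-request:read", "privacy-request:review",
})
OWNER_SCOPES = SCOPE_REGISTRY


class ScopeError(Exception):
    """Raised when a scope assignment is rejected."""


@dataclass
class Requester:
    name: str
    scopes: frozenset


@dataclass
class OAuthClient:
    client_id: str
    scopes: frozenset = field(default_factory=frozenset)


def require_endpoint_scope(requester, needed):
    """The endpoint's own permission gate (e.g. client:create or client:update).

    Passing this gate is the only thing the flawed flow checks about the caller.
    """
    if needed not in requester.scopes:
        raise ScopeError(f"{requester.name} lacks {needed}")


def assign_scopes_vulnerable(requester, client, requested):
    """Flawed pattern: validates that scopes exist, nothing about the caller.

    ``requester`` is deliberately unused beyond the endpoint gate, mirroring
    the advisory's description of the pre-2.69.1 behaviour.
    """
    require_endpoint_scope(requester, "client:update")
    requested = frozenset(requested)
    unknown = requested - SCOPE_REGISTRY
    if unknown:
        raise ScopeError(f"unknown scopes: {sorted(unknown)}")
    client.scopes = requested
    return client


def assign_scopes_hardened(requester, client, requested):
    """Hardened pattern: scopes must exist AND be a subset of the requester's.

    A principal can never mint a client more powerful than itself, so the
    endpoint stops being a ladder to owner-level scopes.
    """
    require_endpoint_scope(requester, "client:update")
    requested = frozenset(requested)
    unknown = requested - SCOPE_REGISTRY
    if unknown:
        raise ScopeError(f"unknown scopes: {sorted(unknown)}")
    excess = requested - requester.scopes
    if excess:
        raise ScopeError(f"requester lacks scopes being assigned: {sorted(excess)}")
    client.scopes = requested
    return client


def escalation_attempt(assign):
    """Run one implementation with a contributor assigning owner-level scopes.

    Returns (succeeded, scopes_gained_beyond_requester) so the outcome of each
    variant can be compared directly.
    """
    contributor = Requester("alice", CONTRIBUTOR_SCOPES)
    client = OAuthClient("ci-bot")
    try:
        assign(contributor, client, OWNER_SCOPES)
    except ScopeError:
        return False, frozenset()
    return True, client.scopes - contributor.scopes


if __name__ == "__main__":
    for impl in (assign_scopes_vulnerable, assign_scopes_hardened):
        ok, gained = escalation_attempt(impl)
        print(f"{impl.__name__}: escalated={ok}, gained={sorted(gained)}")
```

Against the constructed data, the flawed variant lets the contributor hand a client `user:permission-assign`, `user:create` and `config:update`, none of which the contributor holds; the hardened variant rejects the same request while still allowing a client scoped to any subset of the contributor's own scopes. The subset check is the whole fix: existence in the registry says nothing about who may grant a scope.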
GHSA
ghsa · 2025-09-08
CVE-2025-57817 [HIGH] CWE-862 (Missing Authorization) Fides Webserver API is Vulnerable to OAuth Client Privilege Escalation
Advisory text identical to the OSV entry above.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2025-09-08