CVE-2025-61524
Published 2025-10-08
CVE-2025-61524: An issue in the permission verification module and organization/application editing interface in Casdoor v2.26.0 and before, and fixed in v.2.63.0, allows…
Priority: P3 47 | Severity: high | CVSS 3.1: 7.2
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.60% (44.2th percentile)
An issue in the permission verification module and organization/application editing interface in Casdoor v2.26.0 and before, fixed in v2.63.0, allows remote authenticated administrators of any organization within the system to bypass the system's permission verification mechanism by directly concatenating URLs after login.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | casdoor_casdoor | >= 0 < 2.63.0 | 2.63.0 |
OSV
Casdoor is vulnerable to Improper Authorization in github.com/casdoor/casdoor
osv·2025-10-30
Casdoor is vulnerable to Improper Authorization in github.com/casdoor/casdoor.
NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.
(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)
The additional affected modules and versions are: github.com/casdoor/casdoor before v2.63.0.
GHSA
Casdoor is vulnerable to Improper Authorization
ghsa·2025-10-08
CVE-2025-61524 [HIGH] CWE-285 Casdoor is vulnerable to Improper Authorization
An issue in the permission verification module and organization/application editing interface in Casdoor before 2.63.0 allows remote authenticated administrators of any organization within the system to bypass the system's permission verification mechanism by directly concatenating URLs after login.
OSV
Casdoor is vulnerable to Improper Authorization
osv·2025-10-08
CVE-2025-61524 [HIGH] Casdoor is vulnerable to Improper Authorization
An issue in the permission verification module and organization/application editing interface in Casdoor before 2.63.0 allows remote authenticated administrators of any organization within the system to bypass the system's permission verification mechanism by directly concatenating URLs after login.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.