CVE-2025-8796 — Missing Authorization in Litmus

CWE-862 — Missing Authorization CWE-863 — Incorrect Authorization2 documents2 sources

Severity

5.3MEDIUMNVD

EPSS

0.1%

top 80.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Litmuschaos Litmus

Timeline

PublishedAug 10

Description

A vulnerability has been found in LitmusChaos Litmus up to 3.19.0 and classified as problematic. This vulnerability affects unknown code of the file /auth/delete_project/ of the component Delete Request Handler. The manipulation of the argument projectID leads to missing authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages2 packages

▶NVDlitmuschaos/litmus3.19.0

▶CVEListV5litmuschaos/litmus20 versions+19

🔴Vulnerability Details

GHSA

GHSA-3fpx-64j2-m33g: A vulnerability has been found in LitmusChaos Litmus up to 3↗2025-08-10

▶