Опубликовано: 17 сент. 2025
Источник: github
Github: Не прошло ревью
CVSS4: 5.3
CVSS3: 5.4
Описание
CISA Thorium does not escape user controlled strings used in LDAP queries. An authenticated remote attacker can modify LDAP authorization data such as group memberships. Fixed in 1.1.1.
CISA Thorium does not escape user controlled strings used in LDAP queries. An authenticated remote attacker can modify LDAP authorization data such as group memberships. Fixed in 1.1.1.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2025-35431
- https://github.com/cisagov/thorium/commit/7c94a0b9bc2dc55e0c307360452f348bac06820c#diff-45e1e58dfb6faacf9efe778c31ead287d8e13ae07c5dad084c792bc4a0605a68R1007-R1008
- https://github.com/cisagov/thorium/releases/tag/1.1.1
- https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-259-01.json
- https://www.cve.org/CVERecord?id=CVE-2025-35431
Связанные уязвимости
CVSS3: 5.4
nvd
5 месяцев назад
CISA Thorium does not escape user controlled strings used in LDAP queries. An authenticated remote attacker can modify LDAP authorization data such as group memberships. Fixed in 1.1.1.