Home

Description

In Gatling Enterprise versions below 1.25.0, a low-privileged user that does not hold the role "admin" could perform a REST API call on read-only endpoints, allowing him to collect some information, due to missing authorization checks.

PUBLISHED Reserved 2025-06-16 | Published 2025-08-06 | Updated 2025-08-06 | Assigner mitre

References

gatling.io/products

github.com/...4/vulnerabilities/tree/main/gatling-enterprise

github.com/...rprise/CVE-2025-51308-broken-access-control.md

cve.org (CVE-2025-51308)

nvd.nist.gov (CVE-2025-51308)

Download JSON