Home

Description

OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA v1.9.3 to v1.9.4 ( openfga-0.2.40 <= Helm chart <= openfga-0.2.41, v1.9.3 <= docker <= v.1.9.4) are vulnerable to improper policy enforcement when certain Check and ListObject calls are executed. This vulnerability is fixed in 1.9.5.

PUBLISHED Reserved 2025-08-08 | Published 2025-08-18 | Updated 2025-08-18 | Assigner GitHub_M




MEDIUM: 5.8CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H

Problem types

CWE-863: Incorrect Authorization

Product status

>= 1.9.3, < 1.9.5
affected

References

github.com/...penfga/security/advisories/GHSA-mgh9-4mwp-fg55

github.com/...ommit/1a7e0e37fc4777c824b2386cac4867a66f3480b0

cve.org (CVE-2025-55213)

nvd.nist.gov (CVE-2025-55213)

Download JSON