Home

Description

An issue in the permission verification module and organization/application editing interface in Casdoor before 2.26.0 allows remote authenticated administrators of any organization within the system to bypass the system's permission verification mechanism by directly concatenating URLs after login

PUBLISHED Reserved 2025-09-26 | Published 2025-10-08 | Updated 2025-10-08 | Assigner mitre

References

casdoor.com

gist.github.com/DevHjz/e75cea851d48e5f5478ac2a90757851a

cve.org (CVE-2025-61524)

nvd.nist.gov (CVE-2025-61524)

Download JSON