CVE-2025-62395 | THREATINT

Description

A flaw in the cohort search web service allowed users with permissions in lower contexts to access cohort information from the system context, revealing restricted administrative data.

PUBLISHED Reserved 2025-10-13 | Published 2025-10-23 | Updated 2025-10-23 | Assigner fedora

MEDIUM: 4.3CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Problem types

Improper Access Control

Product status

Default status

unaffected

5.0.0 (semver) before 5.0.3

affected

4.5.0 (semver) before 4.5.7

affected

4.4.0 (semver) before 4.4.11

affected

4.1.0 (semver) before 4.1.21

affected

Timeline

2025-10-16:	Reported to Red Hat.
2025-10-14:	Made public.

Credits

Red Hat would like to thank Paul Holden for reporting this issue.

References

access.redhat.com/security/cve/CVE-2025-62395 vdb-entry

bugzilla.redhat.com/show_bug.cgi?id=2404428 (RHBZ#2404428) issue-tracking

cve.org (CVE-2025-62395)

nvd.nist.gov (CVE-2025-62395)

Download JSON