CVE-2025-46331 — Vulnetix

CVE-2025-46331 PUBLISHED CVSS 5.800000190734863 MEDIUM

OpenFGA Authorization Bypass

EPSS 0.32% · 55.7th percentile

Risk Scores

CVSS 4.0

5.800000190734863

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H

EPSS Score

0.32%

55.7th percentile

Affected Products

Vendor	Product	Versions
openfga	helm_charts	0.1.36, 0.1.36
github.com	openfga/openfga	1.3.6, 1.3.6
openfga	openfga	, , 1.3.6

Exploit Intelligence

CIRCL seen: CVE-2025-46331 (circl-sighting)
https://github.com/openfga/openfga/security/advisories/GHSA-w222-m46c-mgh6 (circl)
https://github.com/openfga/openfga/commit/244302e7a8b979d66cc1874a3899cdff7d47862f (circl)

Timeline

Jan 21, 1970 Security Advisory
Apr 30, 2025 CVE Published
Apr 30, 2025 PoC Published
May 1, 2025 EPSS Score
May 13, 2025 EPSS Score
May 25, 2025 EPSS Score
Jun 6, 2025 EPSS Score
Jun 17, 2025 EPSS Score
Jun 18, 2025 Coalition ESS Score
Jun 29, 2025 EPSS Score
Jul 11, 2025 EPSS Score
Jul 23, 2025 EPSS Score

References

Open in Interactive Console →

$ Console Community · 100/wk Open console ›