VDB
CVE-2025-49011
CVE-2025-49011
PUBLISHED
CVSS 3.700000047683716 LOW
SpiceDB checks involving relations with caveats can result in no permission when permission is expected
EPSS 0.19% · 40.7th percentile
Risk Scores
CVSS v3.1
3.700000047683716
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS Score
0.19%
40.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| github.com | authzed/spicedb | 0, 0 |
| authzed | spicedb | < 1.44.2, 0, < 1.44.2 |
Timeline
- Jan 21, 1970 Security Advisory
- Jun 6, 2025 CVE Published
- Jun 6, 2025 PoC Published
- Jun 7, 2025 EPSS Score
- Jun 9, 2025 Coalition ESS Score
- Jun 10, 2025 CVE Updated
- Jun 18, 2025 EPSS Score
- Jun 28, 2025 EPSS Score
- Jul 9, 2025 EPSS Score
- Jul 19, 2025 EPSS Score
- Jul 30, 2025 EPSS Score
- Aug 9, 2025 EPSS Score
References
- https://github.com/authzed/spicedb/security/advisories/GHSA-cwwm-hr97-qfxm url
- https://github.com/authzed/spicedb/commit/fe8dd9f491f6975b3408c401e413a530eb181a67 url
- https://github.com/authzed/spicedb/releases/tag/v1.44.2 url
- https://nvd.nist.gov/vuln/detail/CVE-2025-49011 advisory
- https://github.com/authzed/spicedb package