Description

Fides is an open-source privacy engineering platform. Prior to version 2.69.1, the Fides Admin UI login endpoint relies on a general IP-based rate limit for all API traffic and lacks specific anti-automation controls designed to protect against brute-force attacks. This could allow attackers to conduct credential testing attacks, such as credential stuffing or password spraying, which poses a risk to accounts with weak or previously compromised passwords. Version 2.69.1 fixes the issue. For organizations with commercial Fides Enterprise licenses, configuring Single Sign-On (SSO) through an OIDC provider (like Azure, Google, or Okta) is an effective workaround. When OIDC SSO is enabled, username/password authentication can be disabled entirely, which eliminates this attack vector. This functionality is not available for Fides Open Source users.

INFO

Published Date :

2025-09-08T21:11:53.369Z

Last Modified :

2025-09-09T13:44:06.409Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-57815 vulnerability.

Vendors Products
Ethyca
  • Fides
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-57815.

URL Resource
https://github.com/ethyca/fides/commit/59903c195e2f9f8915a1db94950aefd557033a5c cve-icon cve-icon
https://github.com/ethyca/fides/releases/tag/2.69.1 cve-icon cve-icon
https://github.com/ethyca/fides/security/advisories/GHSA-7q62-r88r-j5gw cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact