Description

An issue in the permission verification module and organization/application editing interface in Casdoor v2.26.0 and before, and fixed in v.2.63.0, allows remote authenticated administrators of any organization within the system to bypass the system's permission verification mechanism by directly concatenating URLs after login

INFO

Published Date :

2025-10-08T00:00:00.000Z

Last Modified :

2025-10-14T14:11:52.908Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2025-61524 vulnerability.

Vendors Products
Casbin
  • Casdoor
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-61524.

URL Resource
http://casdoor.com cve-icon cve-icon
https://gist.github.com/DevHjz/e75cea851d48e5f5478ac2a90757851a cve-icon cve-icon cve-icon
https://github.com/casdoor/casdoor/commit/d883db907bb6e0b95737ef8e8b57b7da9078cbdd cve-icon cve-icon
https://github.com/casdoor/casdoor/releases/tag/v2.63.0 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact