Unrated severityNVD Advisory· Published Sep 17, 2025· Updated Sep 30, 2025

CISA Thorium LDAP injection

CVE-2025-35431

Description

CISA Thorium does not escape user controlled strings used in LDAP queries. An authenticated remote attacker can modify LDAP authorization data such as group memberships. Fixed in 1.1.1.

Affected products

Cisagov/Thoriumllm-fuzzy
Range: <1.1.1
CISA/Thoriumv5
Range: 1.0.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/cisagov/thorium/commit/7c94a0b9bc2dc55e0c307360452f348bac06820cmitre
github.com/cisagov/thorium/releases/tag/1.1.1mitre
raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-259-01.jsonmitre
www.cve.org/CVERecordmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000