Moderate severity · NVD Advisory · Published Apr 30, 2025 · Updated May 1, 2025
OpenFGA Authorization Bypass
CVE-2025-46331
Description
OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA v1.3.6 through v1.8.10 (Helm chart <= openfga-0.2.28, Docker image <= v1.8.10) is vulnerable to authorization bypass when certain Check and ListObject calls are executed. This issue has been patched in version 1.8.11.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| github.com/openfga/openfga (Go) | >= 1.3.6, < 1.8.11 | 1.8.11 |
Affected products
38 affected package coordinates (OSV), none with a CPE assigned:

| Package (purl) | Affected range |
|---|---|
| pkg:apk/chainguard/grafana-11.2 | < 11.2.10.01-r7 |
| pkg:apk/chainguard/grafana-11.2-oci-compat | < 11.2.10.01-r7 |
| pkg:apk/chainguard/grafana-11.3 | < 11.3.9-r5 |
| pkg:apk/chainguard/grafana-11.3-oci-compat | < 11.3.9-r5 |
| pkg:apk/chainguard/grafana-11.4 | < 11.4.8-r2 |
| pkg:apk/chainguard/grafana-11.4-oci-compat | < 11.4.8-r2 |
| pkg:apk/chainguard/grafana-11.5 | < 11.5.10-r0 |
| pkg:apk/chainguard/grafana-11.5-oci-compat | < 11.5.10-r0 |
| pkg:apk/chainguard/grafana-11.6 | < 11.6.8-r0 |
| pkg:apk/chainguard/grafana-11.6-oci-compat | < 11.6.8-r0 |
| pkg:apk/chainguard/grafana-12.0 | < 12.0.0-r3 |
| pkg:apk/chainguard/grafana-12.0-oci-compat | < 12.0.0-r3 |
| pkg:apk/chainguard/grafana-fips-11.2 | < 11.2.10.01-r6 |
| pkg:apk/chainguard/grafana-fips-11.2-oci-compat | < 11.2.10.01-r6 |
| pkg:apk/chainguard/grafana-fips-11.3 | < 11.3.9-r4 |
| pkg:apk/chainguard/grafana-fips-11.3-oci-compat | < 11.3.9-r4 |
| pkg:apk/chainguard/grafana-fips-11.4 | < 11.4.8-r2 |
| pkg:apk/chainguard/grafana-fips-11.4-oci-compat | < 11.4.8-r2 |
| pkg:apk/chainguard/grafana-fips-11.5 | < 11.5.10-r0 |
| pkg:apk/chainguard/grafana-fips-11.5-oci-compat | < 11.5.10-r0 |
| pkg:apk/chainguard/grafana-fips-11.6 | < 11.6.7-r0 |
| pkg:apk/chainguard/grafana-fips-11.6-oci-compat | < 11.6.7-r0 |
| pkg:apk/chainguard/grafana-fips-12.0 | < 12.0.0-r2 |
| pkg:apk/chainguard/grafana-fips-12.0-oci-compat | < 12.0.0-r2 |
| pkg:apk/wolfi/grafana-11.2 | < 11.2.10.01-r7 |
| pkg:apk/wolfi/grafana-11.2-oci-compat | < 11.2.10.01-r7 |
| pkg:apk/wolfi/grafana-11.3 | < 11.3.9-r5 |
| pkg:apk/wolfi/grafana-11.3-oci-compat | < 11.3.9-r5 |
| pkg:apk/wolfi/grafana-11.4 | < 11.4.8-r2 |
| pkg:apk/wolfi/grafana-11.4-oci-compat | < 11.4.8-r2 |
| pkg:apk/wolfi/grafana-11.5 | < 11.5.10-r0 |
| pkg:apk/wolfi/grafana-11.5-oci-compat | < 11.5.10-r0 |
| pkg:apk/wolfi/grafana-11.6 | < 11.6.8-r0 |
| pkg:apk/wolfi/grafana-11.6-oci-compat | < 11.6.8-r0 |
| pkg:apk/wolfi/grafana-12.0 | < 12.0.0-r3 |
| pkg:apk/wolfi/grafana-12.0-oci-compat | < 12.0.0-r3 |
| pkg:golang/github.com/openfga/openfga | >= 1.3.6, < 1.8.11 |
| pkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Tumbleweed | < 0.0.20250515T200012-1.1 |
References
- github.com/advisories/GHSA-w222-m46c-mgh6 (GitHub advisory)
- nvd.nist.gov/vuln/detail/CVE-2025-46331 (NVD advisory)
- github.com/openfga/openfga/commit/244302e7a8b979d66cc1874a3899cdff7d47862f (fix commit)
- github.com/openfga/openfga/security/advisories/GHSA-w222-m46c-mgh6 (vendor advisory, confirmed)