Moderate severity · NVD Advisory · Published Nov 21, 2025 · Updated Nov 24, 2025
OpenFGA Improper Policy Enforcement
CVE-2025-64751
Description
OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA v1.4.0 to v1.11.0 (openfga-0.1.34 <= Helm chart <= openfga-0.2.48, v.1.4.0 <= docker <= v.1.11.0) are vulnerable to improper policy enforcement when certain Check and ListObject calls are executed. This issue has been patched in version 1.11.1.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| github.com/openfga/openfga (Go) | >= 1.4.0, < 1.11.1 | 1.11.1 |
Affected products
Source: osv-coords (19 versions)
| Package | Affected range |
|---|---|
| pkg:apk/chainguard/grafana-11.6 | < 11.6.15-r1 |
| pkg:apk/chainguard/grafana-12.2 | < 12.2.4-r1 |
| pkg:apk/chainguard/grafana-fips-11.6 | < 11.6.15-r0 |
| pkg:apk/chainguard/grafana-fips-12.2 | < 12.2.4-r0 |
| pkg:apk/wolfi/grafana-12.2 | < 12.2.4-r1 |
| pkg:golang/github.com/openfga/openfga | >= 1.4.0, < 1.11.1 |
| pkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Leap%2015.6 | < 0.0.20251209T172047-150000.1.127.1 |
| pkg:rpm/opensuse/grafana&distro=openSUSE%20Leap%2015.6 | < 11.5.10-150200.3.80.1 |
| pkg:rpm/suse/govulncheck-vulndb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6 | < 0.0.20251209T172047-150000.1.127.1 |
| pkg:rpm/suse/grafana&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6 | < 11.5.10-150200.3.80.1 |
| pkg:rpm/suse/grafana&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP7 | < 11.5.10-150200.3.80.1 |
| pkg:rpm/suse/grafana&distro=SUSE%20Multi%20Linux%20Manager%20Tools%20SLE-12 | < 11.5.10-120002.4.6.1 |
| pkg:rpm/suse/grafana&distro=SUSE%20Multi%20Linux%20Manager%20Tools%20SLE-15 | < 11.5.10-150002.4.6.1 |
| pkg:rpm/suse/Multi-Linux-ManagerTools-SLE-release&distro=SUSE%20Multi%20Linux%20Manager%20Tools%20SLE-12 | < 12-120002.1.11.1 |
| pkg:rpm/suse/release-notes-susemanager&distro=SUSE%20Manager%20Server%20LTS%204.3 | < 4.3.16.2-150400.3.148.1 |
| pkg:rpm/suse/release-notes-susemanager-proxy&distro=SUSE%20Manager%20Proxy%20LTS%204.3 | < 4.3.16.2-150400.3.104.2 |
| pkg:rpm/suse/uyuni-tools&distro=SUSE%20Multi%20Linux%20Manager%20Tools%20SLE-12 | < 5.1.23-120002.3.6.1 |
| pkg:rpm/suse/uyuni-tools&distro=SUSE%20Multi%20Linux%20Manager%20Tools%20SLE-15 | < 5.1.23-150002.3.6.1 |
| pkg:rpm/suse/uyuni-tools&distro=SUSE%20Multi%20Linux%20Manager%20Tools%20SLE-Micro-5 | < 5.1.23-150002.3.6.1 |
References
- github.com/advisories/GHSA-2c64-vmv2-hgfc (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2025-64751 (ghsa, ADVISORY)
- github.com/openfga/openfga/releases/tag/v1.11.1 (ghsa, x_refsource_MISC, WEB)
- github.com/openfga/openfga/security/advisories/GHSA-2c64-vmv2-hgfc (ghsa, x_refsource_CONFIRM, WEB)