CVE-2025-64751

ADVISORY - github

Summary

Overview

OpenFGA v1.4.0 to v1.11.0 (openfga-0.1.34 <= Helm chart <= openfga-0.2.48, v1.4.0 <= docker <= v1.11.0) are vulnerable to improper policy enforcement when certain Check and ListObjects calls are executed.

Am I Affected?

You are affected by this vulnerability if you meet the following preconditions:

  • You are using OpenFGA v1.4.0 to v1.11.0
  • The model has a relation directly assignable by a type-bound public access with a condition
  • The same relation is not assignable by a type-bound public access without a condition
  • You have a type-bound public access without a condition assigned for the same relation
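
As an added audit example (not code from the advisory or the OpenFGA project), the Python below flags relations and stored tuples that match the preconditions above. It assumes the authorization model and tuples are in the JSON shape the OpenFGA API returns (`directly_related_user_types` entries carrying `wildcard` and an optional `condition`); the model and tuples shown are constructed samples.

```python
# Constructed sample, not from the advisory: an OpenFGA authorization model in the
# API's JSON form. "viewer" may be assigned user:* only WITH a condition
# (preconditions 2 and 3); "editor" allows user:* unconditionally, so it is not at risk.
SAMPLE_MODEL = {"schema_version": "1.1", "type_definitions": [
    {"type": "user", "relations": {}},
    {"type": "document",
     "relations": {"viewer": {"this": {}}, "editor": {"this": {}}},
     "metadata": {"relations": {
         "viewer": {"directly_related_user_types": [
             {"type": "user"},
             {"type": "user", "wildcard": {}, "condition": "in_business_hours"}]},
         "editor": {"directly_related_user_types": [
             {"type": "user"}, {"type": "user", "wildcard": {}}]}}}},
]}

# Constructed sample tuples in the Read API's shape; "condition" is optional.
SAMPLE_TUPLES = [
    {"user": "user:*", "relation": "viewer", "object": "document:budget"},
    {"user": "user:*", "relation": "viewer", "object": "document:roadmap",
     "condition": {"name": "in_business_hours"}},
    {"user": "user:*", "relation": "editor", "object": "document:budget"},
    {"user": "user:alice", "relation": "viewer", "object": "document:budget"},
]


def conditional_only_wildcard_relations(model):
    """(object_type, relation) -> wildcard user types allowed only with a condition (preconditions 2, 3)."""
    risky = {}
    for td in model.get("type_definitions", []):
        for relation, meta in td.get("metadata", {}).get("relations", {}).items():
            with_cond, without_cond = set(), set()
            for ref in meta.get("directly_related_user_types", []):
                if "wildcard" in ref:  # type-bound public access such as user:*
                    (with_cond if ref.get("condition") else without_cond).add(ref["type"])
            if with_cond - without_cond:
                risky[(td["type"], relation)] = with_cond - without_cond
    return risky


def unconditional_wildcard_tuples(model, tuples):
    """Stored tuples granting an unconditioned wildcard on a flagged relation (precondition 4)."""
    risky = conditional_only_wildcard_relations(model)
    hits = []
    for t in tuples:
        user_type, _, user_id = t["user"].partition(":")
        key = (t["object"].split(":", 1)[0], t["relation"])
        if user_id == "*" and not t.get("condition") and user_type in risky.get(key, set()):
            hits.append(t)
    return hits
```

Run the two functions over a model fetched with ReadAuthorizationModel and tuples fetched with Read; any hit means the store meets all the preconditions and the upgrade should be prioritised.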

Fix

Upgrade to v1.11.1. This upgrade is backwards compatible.

Workaround

None

EPSS Score: 0.00053 (0.166)

Common Weakness Enumeration (CWE)

ADVISORY - nist: Improper Authorization
ADVISORY - github: Improper Authorization

