CVE-2025-13475

LOW
Published Jul 4, 2026 CWE-288

Description

In multi-tenanted deployments, the application consent management mechanism fails to correctly isolate consent scopes between tenants. Consent granted by a user for a specific SaaS application within one tenant can be incorrectly applied to SaaS applications with the same name in other tenants, leading to unintended cross-tenant consent sharing. This vulnerability may result in the exposure of user data across tenants, enabling SaaS applications in different tenants to access and modify information without explicit user authorization. This can lead to unauthorized data access and privacy violations. This vulnerability has no impact if the deployment does not support multi-tenancy.

CVSS v3.1 Score

3.5
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

EPSS — Exploit Prediction

0.0015
Probability of exploitation
0.04%
Percentile rank

EPSS estimates the probability that this vulnerability will be exploited in the wild within the next 30 days. A higher score means more likely to be exploited.

Weakness Type (CWE)

CWE-288 CWE-288

References

Frequently Asked Questions

What is CVE-2025-13475? +
In multi-tenanted deployments, the application consent management mechanism fails to correctly isolate consent scopes between tenants. Consent granted by a user for a specific SaaS application within one tenant can be incorrectly applied to SaaS applications with the same name in other tenants, leading to unintended cross-tenant consent sharing. This vulnerability may result in the exposure of user data across tenants, enabling SaaS applications in different tenants to access and modify information without explicit user authorization. This can lead to unauthorized data access and privacy violations. This vulnerability has no impact if the deployment does not support multi-tenancy. It has a CVSS v3.1 base score of 3.5 (LOW).
How severe is CVE-2025-13475? +
CVE-2025-13475 has a CVSS v3.1 score of 3.5 out of 10, rated LOW. This is a low-severity vulnerability with limited impact. The EPSS score is 0.0015, placing it in the 0th percentile for exploitation probability.
How do I check if I'm vulnerable to CVE-2025-13475? +
You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

Don't wait for an exploit

Scan your website for vulnerabilities like CVE-2025-13475 — free, no signup required.

Start Free Scan