CVE-2025-49011
LOWDescription
SpiceDB is an open source database for storing and querying fine-grained authorization data. Prior to version 1.44.2, on schemas involving arrows with caveats on the arrow’ed relation, when the path to resolve a CheckPermission request involves the evaluation of multiple caveated branches, requests may return a negative response when a positive response is expected. Version 1.44.2 fixes the issue. As a workaround, do not use caveats in the schema over an arrow’ed relation.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| authzed | spicedb |
References
Frequently Asked Questions
What is CVE-2025-49011? +
How severe is CVE-2025-49011? +
What products are affected by CVE-2025-49011? +
How do I check if I'm vulnerable to CVE-2025-49011? +
Related Vulnerabilities
In liboauth2 the Demonstrating Proof-of-Possession (DPoP) verifier accepts a proof whose JSON Web Key (jwk) header contains private key material. …
Mantis Bug Tracker (MantisBT) is an open source issue tracker. In versions 2.28.1 and below, given any pre-existing XSS / …
The Client secret is not checked when using the OAuth Password grant type. By exploiting this vulnerability, an attacker could …
Backpropagate is a Python library for fine-tuning large language models on a single GPU. In versions 1.1.0 and 1.1.1, the …
DVP80ES3 with Improperly Implemented Security Check for Standard vulnerability.
Whale Browser before 4.33.325.17 allows an attacker to escape the iframe sandbox in a dual-tab environment.