๐Ÿ” CVE Alert

CVE-2025-61524

HIGH 7.2
CVSS Score
7.2
EPSS Score
0.0%
EPSS Percentile
0th

An issue in the permission verification module and organization/application editing interface in Casdoor v2.26.0 and before, and fixed in v.2.63.0, allows remote authenticated administrators of any organization within the system to bypass the system's permission verification mechanism by directly concatenating URLs after login

Vendor n/a
Product n/a
Published Oct 8, 2025
Last Updated Jul 5, 2026
Stay Ahead of the Next One

Get instant alerts for n/a n/a

Be the first to know when new high vulnerabilities affecting n/a n/a are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

n/a / n/a
n/a

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
gist.github.com: https://gist.github.com/DevHjz/e75cea851d48e5f5478ac2a90757851a github.com: https://github.com/casdoor/casdoor/commit/d883db907bb6e0b95737ef8e8b57b7da9078cbdd github.com: https://github.com/casdoor/casdoor/releases/tag/v2.63.0