CVE-2025-23015 · HIGH 8.8 · EPSS p54.3%


Description

Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. A user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via unsafe actions to a system resource. Operators granting data MODIFY permission on all keyspaces on affected versions should review data access rules for potential breaches. This issue affects Apache Cassandra through 3.0.30, 3.11.17, 4.0.15, 4.1.7, 5.0.2. Users are recommended to upgrade to versions 3.0.31, 3.11.18, 4.0.16, 4.1.8, 5.0.3, which fix the issue.

Scoring

CVSS 3.1: 8.8 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.88% probability of exploitation · percentile 54.3% · 2026-06-19T12:03:05Z
Published: 2025-02-04
Last modified: 2025-07-14

Underlying weaknesses · 1

CWE-267

References

  1. https://lists.apache.org/thread/jmks4msbgkl65ssg69x728sv1m0hwz3s
  2. http://www.openwall.com/lists/oss-security/2025/02/03/2
  3. http://www.openwall.com/lists/oss-security/2025/02/11/1
  4. https://security.netapp.com/advisory/ntap-20250214-0006/

Type | Target | Confidence | Tier
Weakness | Privilege Defined With Unsafe Actions cwe-267 | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE: CVE-2025-26467
CVE: CVE-2026-27314
CVE: CVE-2026-33109
CVE: CVE-2025-26511
CVE: CVE-2026-24015
CVE: CVE-2025-30065

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.