Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. A user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via unsafe actions to a system resource. Operators granting data MODIFY permission on all keyspaces on affected versions should review data access rules for potential breaches. This issue affects Apache Cassandra through 3.0.30, 3.11.17, 4.0.15, 4.1.7, 5.0.2. Users are recommended to upgrade to versions 3.0.31, 3.11.18, 4.0.16, 4.1.8, 5.0.3, which fix the issue.
Reserved 2025-01-10 | Published 2025-02-04 | Updated 2025-02-15 | Assigner apache
CWE-267 Privilege Defined With Unsafe Actions
Adam Pond of Apple Services Engineering Security
Ali Mirheidari of Apple Services Engineering Security
Terry Thibault of Apple Services Engineering Security
Will Brattain of Apple Services Engineering Security
lists.apache.org/thread/jmks4msbgkl65ssg69x728sv1m0hwz3s
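
For the review the advisory asks of operators, the following added example (not code from the advisory or from the Apache Cassandra project) checks a node's release against the fixed versions listed above and picks out roles holding MODIFY on all keyspaces. It assumes the four-column table that cqlsh prints for LIST ALL PERMISSIONS; the sample listing and role names are constructed.

```python
# Added example: audit helper for the advisory above, not Apache Cassandra code.
import re

# First fixed patch release per branch, taken from the advisory text.
FIXED = {(3, 0): 31, (3, 11): 18, (4, 0): 16, (4, 1): 8, (5, 0): 3}

def is_affected(version):
    """True/False for branches the advisory names, None for any other branch."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    major, minor, patch = map(int, m.groups())
    fixed_patch = FIXED.get((major, minor))
    if fixed_patch is None:
        return None  # branch not listed in the advisory: no verdict
    return patch < fixed_patch

def roles_with_modify_on_all_keyspaces(listing):
    """Roles granted MODIFY on <all keyspaces> (assumed cqlsh table layout)."""
    roles = set()
    for line in listing.splitlines():
        cells = [c.strip() for c in line.split("|")]
        if len(cells) != 4 or cells[0] == "role":
            continue  # skip header, separator and row-count lines
        role, _username, resource, permission = cells
        if resource == "<all keyspaces>" and permission == "MODIFY":
            roles.add(role)
    return sorted(roles)

def audit(version, listing):
    """Roles to review; empty only when the version is known to be fixed."""
    if is_affected(version) is False:
        return []
    return roles_with_modify_on_all_keyspaces(listing)

# Constructed sample of LIST ALL PERMISSIONS output; role names are hypothetical.
SAMPLE = """\
 role      | username  | resource         | permission
-----------+-----------+------------------+------------
 etl_batch | etl_batch | <all keyspaces>  | MODIFY
 etl_batch | etl_batch | <all keyspaces>  | SELECT
 app_rw    | app_rw    | <keyspace shop>  | MODIFY
 reporting | reporting | <all keyspaces>  | SELECT

(4 rows)
"""

if __name__ == "__main__":
    print(audit("4.1.7", SAMPLE))
```

A role reported here on an affected version is a candidate for the data access review the advisory recommends; versions on branches the advisory does not list are treated as unverified rather than safe.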