{
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09"
      },
      "title": "User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions",
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-267 Privilege Defined With Unsafe Actions",
              "lang": "en",
              "cweId": "CWE-267",
              "type": "CWE"
            }
          ]
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "affected": [
        {
          "vendor": "Apache Software Foundation",
          "product": "Apache Cassandra",
          "versions": [
            {
              "status": "affected",
              "version": "3.0.0",
              "lessThanOrEqual": "3.0.30",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "3.1.0",
              "lessThanOrEqual": "3.11.17",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "4.0.0",
              "lessThanOrEqual": "4.0.16",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "4.1.0",
              "lessThanOrEqual": "4.1.7",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "5.0.0",
              "lessThanOrEqual": "5.0.2",
              "versionType": "semver"
            }
          ],
          "defaultStatus": "unaffected"
        }
      ],
      "descriptions": [
        {
          "value": "Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. An user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via unsafe actions to a system resource. Operators granting data MODIFY permission on all keyspaces on affected versions should review data access rules for potential breaches.\n\nThis issue affects Apache Cassandra through 3.0.30, 3.11.17, 4.0.16, 4.1.7, 5.0.2.\n\nUsers are recommended to upgrade to versions 3.0.32, 3.11.19, 4.0.17, 4.1.8, 5.0.3, which fixes the issue.\n\nAddendum:\n\n\n\n\n\nA performance regression was detected in the security releases 3.0.30 [1] and 3.11.18 [2]. Affected users are recommended to upgrade to versions 3.0.32 and 3.11.19 instead.\n\nThe fix to this vulnerability was incorrectly applied to 4.0.16, and affected users in the 4.0 series are recommended to upgrade to 4.0.17 (see CVE-2025-26467 for more information).\n\nRemaining versions are unaffected.\n\n[1] -  https://lists.apache.org/thread/yprngr9cmp9c43m1c56thv1v0v6y5ywq \n[2] -  https://lists.apache.org/thread/hc9shwlm1kmxdxosbh3qo2xooqoo3sc6",
          "lang": "en",
          "supportingMedia": [
            {
              "type": "text/html",
              "base64": false,
              "value": "Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. An user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via unsafe actions to a system resource. Operators granting data MODIFY permission on all keyspaces on affected versions should review data access rules for potential breaches.<br><br>This issue affects Apache Cassandra through 3.0.30, 3.11.17, 4.0.16, 4.1.7, 5.0.2.<br><br>Users are recommended to upgrade to versions 3.0.32, 3.11.19, 4.0.17, 4.1.8, 5.0.3, which fixes the issue.<br><br>Addendum:<br><br>\n\n\n\n<span style=\"background-color: rgb(255, 255, 255);\">A performance regression was detected in the security releases 3.0.30 [1] and 3.11.18 [2]. Affected users are recommended to upgrade to versions 3.0.32 and 3.11.19 instead.<br><br>The fix to this vulnerability was incorrectly applied to 4.0.16, and affected users in the 4.0 series are recommended to upgrade to 4.0.17 (see CVE-2025-26467 for more information).</span><br><br><span style=\"background-color: rgb(255, 255, 255);\">Remaining versions are unaffected.</span><br><br><span style=\"background-color: rgb(255, 255, 255);\">[1] - <a target=\"_blank\" rel=\"nofollow\" href=\"https://lists.apache.org/thread/yprngr9cmp9c43m1c56thv1v0v6y5ywq\">https://lists.apache.org/thread/yprngr9cmp9c43m1c56thv1v0v6y5ywq</a></span><br><span style=\"background-color: rgb(255, 255, 255);\">[2] - <a target=\"_blank\" rel=\"nofollow\" href=\"https://lists.apache.org/thread/hc9shwlm1kmxdxosbh3qo2xooqoo3sc6\">https://lists.apache.org/thread/hc9shwlm1kmxdxosbh3qo2xooqoo3sc6</a></span>\n\n<br>"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://lists.apache.org/thread/jmks4msbgkl65ssg69x728sv1m0hwz3s",
          "tags": [
            "vendor-advisory"
          ]
        }
      ],
      "metrics": [
        {
          "other": {
            "type": "Textual description of severity",
            "content": {
              "text": "moderate"
            }
          }
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Adam Pond of Apple Services Engineering Security",
          "type": "finder"
        },
        {
          "lang": "en",
          "value": "Ali Mirheidari of Apple Services Engineering Security",
          "type": "finder"
        },
        {
          "lang": "en",
          "value": "Terry Thibault of Apple Services Engineering Security",
          "type": "finder"
        },
        {
          "lang": "en",
          "value": "Will Brattain of Apple Services Engineering Security",
          "type": "finder"
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "cveId": "CVE-2025-23015",
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "serial": 1,
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}