CVE-2025-49011

Published Jun 6, 2025

Last updated a month ago

CVSS low 3.7

Overview

Description
SpiceDB is an open source database for storing and querying fine-grained authorization data. Prior to version 1.44.2, on schemas involving arrows with caveats on the arrow’ed relation, when the path to resolve a CheckPermission request involves the evaluation of multiple caveated branches, requests may return a negative response when a positive response is expected. Version 1.44.2 fixes the issue. As a workaround, do not use caveats in the schema over an arrow’ed relation.
Source
security-advisories@github.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
3.7
Impact score
1.4
Exploitability score
2.2
Vector string
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Severity
LOW

Weaknesses

security-advisories@github.com
CWE-358

Social media

Hype score
Not currently trending

  1. CVE Alert: CVE-2025-49011 - https://t.co/KewoHbxiZ3 #OSINT #ThreatIntel #CyberSecurity #cve_2025_49011

    @RedPacketSec

    7 Jun 2025

    78 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.