{"id":"CVE-2025-57815","summary":"Fides Lacks Brute-Force Protections on Authentication Endpoints","details":"Fides is an open-source privacy engineering platform. Prior to version 2.69.1, the Fides Admin UI login endpoint relies on a general IP-based rate limit for all API traffic and lacks specific anti-automation controls designed to protect against brute-force attacks. This could allow attackers to conduct credential testing attacks, such as credential stuffing or password spraying, which poses a risk to accounts with weak or previously compromised passwords. Version 2.69.1 fixes the issue. For organizations with commercial Fides Enterprise licenses, configuring Single Sign-On (SSO) through an OIDC provider (like Azure, Google, or Okta) is an effective workaround. When OIDC SSO is enabled, username/password authentication can be disabled entirely, which eliminates this attack vector. This functionality is not available for Fides Open Source users.","aliases":["GHSA-7q62-r88r-j5gw"],"modified":"2026-04-10T05:31:12.741385Z","published":"2025-09-08T21:11:53.369Z","database_specific":{"cwe_ids":["CWE-307"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/57xxx/CVE-2025-57815.json","cna_assigner":"GitHub_M"},"references":[{"type":"WEB","url":"https://github.com/ethyca/fides/releases/tag/2.69.1"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/57xxx/CVE-2025-57815.json"},{"type":"ADVISORY","url":"https://github.com/ethyca/fides/security/advisories/GHSA-7q62-r88r-j5gw"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-57815"},{"type":"FIX","url":"https://github.com/ethyca/fides/commit/59903c195e2f9f8915a1db94950aefd557033a5c"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/ethyca/fides","events":[{"introduced":"0"},{"fixed":"239cb598ba6d808dd1d221506b13f5a2912c8357"}]}],"versions":["0.9.0","0.9.1","0.9.2","0.9.3","0.9.4","0.9.5","0.9.6","0.9.7","0.9.8","0.9.8.1",
"0.9.8.2","0.9.8.3","0.9.8.4","0.9.9","1.0.0","1.1.0","1.1.1","1.2.0","1.3.0","1.3.1","1.4.0","1.4.1","1.5.0","1.5.1","1.5.2","1.6.0","1.7.0","1.8.0","1.8.1","1.8.2","1.8.3","1.8.4","1.9.0","1.9.1","1.9.2","1.9.9","2.0.0","2.0.0-beta.1","2.0.0-beta.2","2.0.0-beta.3","2.10.1b0","2.10.1b1","2.10.1b2","2.10.1b3","2.11.1b0","2.11.1b1","2.11.1b2","2.11.1b3","2.11.1b4","2.11.1b5","2.11.1b6","2.12.1b0","2.12.1b1","2.12.1b2","2.12.1b3","2.12.1b4","2.12.2b0","2.12.2b1","2.12.2b2","2.13.1b0","2.13.1b1","2.13.1b2","2.14.1b0","2.14.1b1","2.14.1b2","2.14.2b0","2.14.3b0","2.15.1b0","2.15.1b1","2.15.2b0","2.16.1b0","2.16.1b1","2.17.1b0","2.18.1b0","2.18.1b1","2.18.1b2","2.18.1b3","2.18.1b4","2.18.1b5","2.18.1b6","2.18.1b7","2.19.1b0","2.19.2b0","2.19.2b1","2.19.2b2","2.20.1b0","2.20.1b1","2.20.1b2","2.20.1b3","2.20.1b4","2.20.2b0","2.20.3b0","2.20.3b1","2.20.3b2","2.21.0rc0","2.21.1b0","2.21.1b1","2.21.1b2","2.21.1b3","2.22.1b0","2.22.1b1","2.22.1b2","2.22.1b3","2.22.2b0","2.22.2b1","2.22.2b2","2.22.2b3","2.23.1b0","2.23.2b0","2.23.3b0","2.23.3b1","2.23.3b2","2.23.3b3","2.24.1b0","2.24.1b1","2.24.2b0","2.24.2b1","2.25.1b0","2.25.1b1","2.25.1b2","2.25.1b3","2.25.1b4","2.26.1b0","2.26.1b1","2.27.1b0","2.27.1b1","2.28.1b0","2.28.1b1","2.29.1b0","2.29.1b1","2.30.1b0","2.30.2b0","2.30.2b1","2.31.1b0","2.31.1b2","2.32.1b0","2.32.1b1","2.32.1b2","2.33.1b0","2.33.2b0","2.34.1b0","2.34.2b0","2.34.2b1","2.34.2b2","2.34.2b3","2.35.2b0","2.35.2b1","2.36.1b0","2.36.2b0","2.36.2b1","2.36.2b2","2.36.2b3","2.36.2b4","2.36.2b5","2.37.1b0","2.37.1b1","2.37.1b2","2.37.1b3","2.37.1b4","2.38.1b0","2.38.1b1","2.38.2b0","2.38.2b1","2.38.2b2","2.38.2b3","2.39.1b0","2.39.2b0","2.40.1b0","2.40.1b1","2.41.1b0","2.41.1b1","2.41.1b2","2.41.1b3","2.41.1b4","2.42.1b0","2.42.2b0","2.42.2b1","2.42.2b2","2.42.2b3","2.42.2b4","2.43.1b0","2.43.3b0","2.43.3b1","2.43.3b2","2.44.1b0","2.44.1b1","2.44.1b2","2.44.1b3","2.44.1b4","2.44.1b5","2.45.1b0","2.45.3b0","2.45.3b1","2.45.3b2","2.45.3b3","2.45.3b4","2.46.1b0",
"2.46.1b1","2.46.1b2","2.46.1b3","2.46.1b4","2.46.2b0","2.46.3b0","2.46.3b1","2.47.1b0","2.47.2b0","2.47.2b1","2.47.2b2","2.47.2b3","2.48.1b0","2.48.1b1","2.48.2b0","2.49.2a0","2.49.2b0","2.50.1b0","2.51.1b0","2.51.3b0","2.51.3b1","2.51.3b2","2.52.1b0","2.52.1b1","2.52.1b2","2.53.1b0","2.53.1b1","2.54.1b0","2.54.1b1","2.54.1b2","2.54.1b3","2.54.1b4","2.54.1b5","2.54.1b6","2.54.1b7","2.55.1b0","2.55.1b1","2.55.1b2","2.55.1b3","2.55.3b0","2.55.3b1","2.55.5b0","2.55.5b1","2.55.5b2","2.56.1b0","2.56.1b1","2.56.1b2","2.56.1b3","2.56.2b0","2.56.2b1","2.56.3b0","2.56.3b1","2.56.3b2","2.57.1b0","2.57.1b1","2.57.1b2","2.57.1b3","2.57.1b4","2.57.1b5","2.57.1b6","2.57.1b7","2.57.1b8","2.57.1b9","2.57.2b0","2.58.1b0","2.58.1b1","2.58.1b2","2.58.1b3","2.58.1b4","2.58.1b5","2.58.2b0","2.58.2b1","2.58.2b2","2.58.2b3","2.58.2b4","2.58.2b5","2.58.3b0","2.58.3b1","2.58.3b2","2.59.1b0","2.59.2b0","2.59.2b1","2.59.2b2","2.59.2b3","2.59.3b0","2.6.0","2.60.1b0","2.60.1b1","2.60.1b2","2.60.2b0","2.60.2b1","2.61.1b0","2.61.1b1","2.61.1b2","2.61.1b3","2.61.2b0","2.61.2b1","2.61.2b2","2.61.2b3","2.61.2b4","2.62.1b0","2.62.1b1","2.62.1b2","2.62.1b3","2.63.1b0","2.63.1b1","2.63.1b2","2.63.1b3","2.63.1b4","2.63.3b0","2.64.1b0","2.64.1b1","2.64.1b2","2.64.2b0","2.64.2b1","2.64.3b0","2.64.6b0","2.64.6b1","2.64.6b2","2.65.1b0","2.65.1b1","2.65.1b2","2.65.3b0","2.65.3b1","2.65.3b2","2.65.3b3","2.66.1b0","2.66.1b1","2.66.2b0","2.66.2b1","2.66.2b2","2.66.3b0","2.67.1b0","2.67.1b1","2.67.2b0","2.67.2b1","2.67.2b2","2.67.2b3","2.67.3b0","2.67.3b1","2.68.1b0","2.68.1b1","2.68.1b2","2.68.1b3","2.68.1b4","2.69.0rc0","2.69.0rc1","2.69.0rc10","2.69.0rc2","2.69.0rc3","2.69.0rc4","2.69.0rc5","2.69.0rc6","2.69.0rc7","2.69.0rc8","2.69.0rc9","2.69.1rc0","2.9.3a0","2.9.4"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-57815.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"}
]}