{"id":"CVE-2025-57817","summary":"Fides Webserver API is Vulnerable to OAuth Client Privilege Escalation","details":"Fides is an open-source privacy engineering platform. Prior to version 2.69.1, the OAuth client creation and update endpoints of the Fides Webserver API do not properly check that the caller is authorized to assign the requested scopes. This allows highly privileged users with `client:create` or `client:update` permissions to escalate their privileges to owner-level. Version 2.69.1 fixes the issue. No known workarounds are available.","aliases":["GHSA-hjfh-p8f5-24wr"],"modified":"2026-04-10T05:31:12.745078Z","published":"2025-09-08T21:17:09.105Z","database_specific":{"cwe_ids":["CWE-862"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/57xxx/CVE-2025-57817.json","cna_assigner":"GitHub_M"},"references":[{"type":"WEB","url":"https://github.com/ethyca/fides/releases/tag/2.69.1"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/57xxx/CVE-2025-57817.json"},{"type":"ADVISORY","url":"https://github.com/ethyca/fides/security/advisories/GHSA-hjfh-p8f5-24wr"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-57817"},{"type":"FIX","url":"https://github.com/ethyca/fides/commit/2ffd125e1089a09b84c27fb5279a05960cbf2452"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/ethyca/fides","events":[{"introduced":"0"},{"fixed":"239cb598ba6d808dd1d221506b13f5a2912c8357"}]}],"versions":["0.9.0","0.9.1","0.9.2","0.9.3","0.9.4","0.9.5","0.9.6","0.9.7","0.9.8","0.9.8.1","0.9.8.2","0.9.8.3","0.9.8.4","0.9.9","1.0.0","1.1.0","1.1.1","1.2.0","1.3.0","1.3.1","1.4.0","1.4.1","1.5.0","1.5.1","1.5.2","1.6.0","1.7.0","1.8.0","1.8.1","1.8.2","1.8.3","1.8.4","1.9.0","1.9.1","1.9.2","1.9.9","2.0.0","2.0.0-beta.1","2.0.0-beta.2","2.0.0-beta.3","2.10.1b0","2.10.1b1","2.10.1b2","2.10.1b3","2.11.1b0","2.11.1b1","2.11.1b2","2.11.1b3","2.11.1b4","2.11.1b5","2.11.1b6","2.12.1b0","2.12.1b1","2.12.1b2","2.12.1b3","2.12.1b4","2.12.2b
0","2.12.2b1","2.12.2b2","2.13.1b0","2.13.1b1","2.13.1b2","2.14.1b0","2.14.1b1","2.14.1b2","2.14.2b0","2.14.3b0","2.15.1b0","2.15.1b1","2.15.2b0","2.16.1b0","2.16.1b1","2.17.1b0","2.18.1b0","2.18.1b1","2.18.1b2","2.18.1b3","2.18.1b4","2.18.1b5","2.18.1b6","2.18.1b7","2.19.1b0","2.19.2b0","2.19.2b1","2.19.2b2","2.20.1b0","2.20.1b1","2.20.1b2","2.20.1b3","2.20.1b4","2.20.2b0","2.20.3b0","2.20.3b1","2.20.3b2","2.21.0rc0","2.21.1b0","2.21.1b1","2.21.1b2","2.21.1b3","2.22.1b0","2.22.1b1","2.22.1b2","2.22.1b3","2.22.2b0","2.22.2b1","2.22.2b2","2.22.2b3","2.23.1b0","2.23.2b0","2.23.3b0","2.23.3b1","2.23.3b2","2.23.3b3","2.24.1b0","2.24.1b1","2.24.2b0","2.24.2b1","2.25.1b0","2.25.1b1","2.25.1b2","2.25.1b3","2.25.1b4","2.26.1b0","2.26.1b1","2.27.1b0","2.27.1b1","2.28.1b0","2.28.1b1","2.29.1b0","2.29.1b1","2.30.1b0","2.30.2b0","2.30.2b1","2.31.1b0","2.31.1b2","2.32.1b0","2.32.1b1","2.32.1b2","2.33.1b0","2.33.2b0","2.34.1b0","2.34.2b0","2.34.2b1","2.34.2b2","2.34.2b3","2.35.2b0","2.35.2b1","2.36.1b0","2.36.2b0","2.36.2b1","2.36.2b2","2.36.2b3","2.36.2b4","2.36.2b5","2.37.1b0","2.37.1b1","2.37.1b2","2.37.1b3","2.37.1b4","2.38.1b0","2.38.1b1","2.38.2b0","2.38.2b1","2.38.2b2","2.38.2b3","2.39.1b0","2.39.2b0","2.40.1b0","2.40.1b1","2.41.1b0","2.41.1b1","2.41.1b2","2.41.1b3","2.41.1b4","2.42.1b0","2.42.2b0","2.42.2b1","2.42.2b2","2.42.2b3","2.42.2b4","2.43.1b0","2.43.3b0","2.43.3b1","2.43.3b2","2.44.1b0","2.44.1b1","2.44.1b2","2.44.1b3","2.44.1b4","2.44.1b5","2.45.1b0","2.45.3b0","2.45.3b1","2.45.3b2","2.45.3b3","2.45.3b4","2.46.1b0","2.46.1b1","2.46.1b2","2.46.1b3","2.46.1b4","2.46.2b0","2.46.3b0","2.46.3b1","2.47.1b0","2.47.2b0","2.47.2b1","2.47.2b2","2.47.2b3","2.48.1b0","2.48.1b1","2.48.2b0","2.49.2a0","2.49.2b0","2.50.1b0","2.51.1b0","2.51.3b0","2.51.3b1","2.51.3b2","2.52.1b0","2.52.1b1","2.52.1b2","2.53.1b0","2.53.1b1","2.54.1b0","2.54.1b1","2.54.1b2","2.54.1b3","2.54.1b4","2.54.1b5","2.54.1b6","2.54.1b7","2.55.1b0","2.55.1b1","2.55.1b2","2.55.1b3","2.55.3b0","2.55.3b1","2.55
.5b0","2.55.5b1","2.55.5b2","2.56.1b0","2.56.1b1","2.56.1b2","2.56.1b3","2.56.2b0","2.56.2b1","2.56.3b0","2.56.3b1","2.56.3b2","2.57.1b0","2.57.1b1","2.57.1b2","2.57.1b3","2.57.1b4","2.57.1b5","2.57.1b6","2.57.1b7","2.57.1b8","2.57.1b9","2.57.2b0","2.58.1b0","2.58.1b1","2.58.1b2","2.58.1b3","2.58.1b4","2.58.1b5","2.58.2b0","2.58.2b1","2.58.2b2","2.58.2b3","2.58.2b4","2.58.2b5","2.58.3b0","2.58.3b1","2.58.3b2","2.59.1b0","2.59.2b0","2.59.2b1","2.59.2b2","2.59.2b3","2.59.3b0","2.6.0","2.60.1b0","2.60.1b1","2.60.1b2","2.60.2b0","2.60.2b1","2.61.1b0","2.61.1b1","2.61.1b2","2.61.1b3","2.61.2b0","2.61.2b1","2.61.2b2","2.61.2b3","2.61.2b4","2.62.1b0","2.62.1b1","2.62.1b2","2.62.1b3","2.63.1b0","2.63.1b1","2.63.1b2","2.63.1b3","2.63.1b4","2.63.3b0","2.64.1b0","2.64.1b1","2.64.1b2","2.64.2b0","2.64.2b1","2.64.3b0","2.64.6b0","2.64.6b1","2.64.6b2","2.65.1b0","2.65.1b1","2.65.1b2","2.65.3b0","2.65.3b1","2.65.3b2","2.65.3b3","2.66.1b0","2.66.1b1","2.66.2b0","2.66.2b1","2.66.2b2","2.66.3b0","2.67.1b0","2.67.1b1","2.67.2b0","2.67.2b1","2.67.2b2","2.67.2b3","2.67.3b0","2.67.3b1","2.68.1b0","2.68.1b1","2.68.1b2","2.68.1b3","2.68.1b4","2.69.0rc0","2.69.0rc1","2.69.0rc10","2.69.0rc2","2.69.0rc3","2.69.0rc4","2.69.0rc5","2.69.0rc6","2.69.0rc7","2.69.0rc8","2.69.0rc9","2.69.1rc0","2.9.3a0","2.9.4"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-57817.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N"}]}