Authorization Issues in Vaultwarden by Bitwarden Server
CVE-2025-24365

8.1HIGH

Key Information:

Vendor: Dani-garcia
Status: Vaultwarden
Vendor: CVE Published:; 27 January 2025

🔔 Create Dani-garcia Vulnerability Alert

What is CVE-2025-24365?

Vaultwarden, an unofficial Bitwarden compatible server, is susceptible to an authorization bypass vulnerability. This flaw allows an attacker with knowledge of a victim organization's ID to gain owner rights of that organization. The attacker must also be an established owner or admin of another organization. This security issue can be exploited by unprivileged users within the organization, posing a significant risk to organizational data integrity. A patch to address this vulnerability has been released in version 1.33.0.

Affected Version(s)

vaultwarden < 1.33.0

References

https://github.com/dani-garcia/vaultwarden/security/advis...

x_refsource_CONFIRM

https://github.com/dani-garcia/vaultwarden/releases/tag/1...

x_refsource_MISC

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 27, 2025
Vulnerability Reserved
Jan 20, 2025

CVE-2025-24365 Data

JSON