Open-source Identity and Access Management Platform Vulnerability in Janssen Project
CVE-2025-53003

8.2 HIGH

Key Information:

CVE Published: 1 July 2025

What is CVE-2025-53003?

The Janssen Project, a popular open-source identity and access management platform, contains a vulnerability in its Config API: the API does not verify the scope of the caller's authorization, so a caller can gain unauthorized access to sensitive information. Prior to version 1.8.0, these inadequate controls could lead to extensive data exposure, including details of the clients, users, and scripts associated with the identity provider. Users are encouraged to upgrade to version 1.8.0, which includes a patch for this vulnerability. For those unable to upgrade immediately, a temporary workaround involves forking the project, building the Config API, and applying a specific patch following commit 92eea4d.
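The defect described above is a missing authorization step between "the token is valid" and "the token is allowed to read this resource". The following is an added illustration of that distinction, not code from the Janssen Project: a minimal configuration API handler in its unpatched form (token validity only) beside the hardened form (token validity plus a per-resource scope check). The token values, scope names and configuration records are constructed for the example and do not correspond to real Janssen scope strings or data.

```python
"""Scope verification for a configuration API: vulnerable vs. hardened handler.

Added example; the token store, scope names and config records below are constructed
and are not the Janssen Project's own identifiers.
"""
from dataclasses import dataclass
from typing import Optional

# Constructed token store standing in for an OAuth token-introspection result.
# "tok-login" is a perfectly valid end-user token that was never granted any
# config-reading scope; it is the case the missing check fails to reject.
TOKENS = {
    "tok-admin": {"active": True, "scope": {"config/clients.readonly", "config/users.readonly"}},
    "tok-login": {"active": True, "scope": {"openid", "profile"}},
    "tok-stale": {"active": False, "scope": {"config/clients.readonly"}},
}

# Constructed sample of the kind of data a config API exposes.
CONFIG_DATA = {
    "clients": [{"clientId": "web-portal", "redirectUris": ["https://portal.example/cb"]}],
    "users": [{"uid": "alice", "mail": "alice@example.org"}],
    "scripts": [{"name": "person_authentication", "enabled": True}],
}

# Hypothetical per-resource scope requirement (resource -> scope the token must carry).
REQUIRED_SCOPE = {
    "clients": "config/clients.readonly",
    "users": "config/users.readonly",
    "scripts": "config/scripts.readonly",
}


@dataclass
class Response:
    status: int
    body: object = None


def introspect(auth_header: Optional[str]):
    """Return the token record for a 'Bearer <token>' header, or None if absent/unknown."""
    if not auth_header or not auth_header.startswith("Bearer "):
        return None
    return TOKENS.get(auth_header[len("Bearer "):])


def get_resource_vulnerable(resource: str, auth_header: Optional[str]) -> Response:
    """Unpatched shape: authenticates the token but never checks what it was granted."""
    if resource not in CONFIG_DATA:
        return Response(404)
    tok = introspect(auth_header)
    if tok is None or not tok["active"]:
        return Response(401)
    # Any active token, whatever its scopes, reads the data.
    return Response(200, CONFIG_DATA[resource])


def get_resource_fixed(resource: str, auth_header: Optional[str]) -> Response:
    """Hardened shape: the token must also carry the scope bound to the requested resource."""
    if resource not in CONFIG_DATA:
        return Response(404)
    tok = introspect(auth_header)
    if tok is None or not tok["active"]:
        return Response(401)
    needed = REQUIRED_SCOPE.get(resource)
    if needed is None or needed not in tok["scope"]:
        # 403 rather than 401: the caller is authenticated but not authorised here.
        # Logging this status is the natural detection point for scope probing.
        return Response(403, {"error": "insufficient_scope", "required": needed})
    return Response(200, CONFIG_DATA[resource])


def compare(resource: str, auth_header: Optional[str]):
    """Status codes from the vulnerable and fixed handlers for the same request."""
    return (get_resource_vulnerable(resource, auth_header).status,
            get_resource_fixed(resource, auth_header).status)


if __name__ == "__main__":
    cases = [("admin", "Bearer tok-admin"), ("login-only", "Bearer tok-login"),
             ("revoked", "Bearer tok-stale"), ("no header", None)]
    for label, header in cases:
        print(f"{label:>10}: vulnerable={compare('clients', header)[0]} fixed={compare('clients', header)[1]}")
```

The interesting row is the login-only token: both handlers accept it as authenticated, but only the hardened one refuses to return client records for it. Keeping the scope requirement in a per-resource table rather than inline in each handler also makes the coverage auditable: any resource missing from the table is denied rather than silently exposed.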

Affected Version(s)

jans < 1.8.0

References

CVSS V4

Score: 8.2
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Requirements: Physical
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
