Session Management Flaw in Fides Admin UI
CVE-2025-57766

1.7LOW

Key Information:

Vendor

Ethyca

Status
Fides
Vendor
CVE Published:
8 September 2025

What is CVE-2025-57766?

Fides, an open-source privacy engineering platform by Ethyca, is susceptible to a session management flaw. Before version 2.69.1, changes to admin UI user passwords did not invalidate active user sessions. This allows attackers who have previously obtained valid session tokens through other vulnerabilities (like XSS) to maintain continued access, even after the user changes their password. The issue requires a prerequisite exploit to gain session tokens, making it indirectly exploitable. Version 2.69.1 resolves this issue, and no known workarounds exist.

Affected Version(s)

fides < 2.69.1

References

https://github.com/ethyca/fides/security/advisories/GHSA-...
x_refsource_CONFIRM
https://github.com/ethyca/fides/commit/8daec4f5ad3daf0f0b...
x_refsource_MISC
https://github.com/ethyca/fides/releases/tag/2.69.1
x_refsource_MISC

CVSS V4

Score:
1.7
Severity:
LOW
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-57766 : Session Management Flaw in Fides Admin UI