IP-based Rate Limiting Flaw in Fides Open-Source Privacy Platform
CVE-2025-57815
What is CVE-2025-57815?
The Fides Admin UI, part of the open-source privacy engineering platform, is affected by a vulnerability caused by an inadequate IP-based rate limiting mechanism on its login endpoint. The flaw allows attackers to perform credential testing attacks such as credential stuffing and password spraying; accounts that use weak or previously compromised passwords are particularly at risk. Version 2.69.1 mitigates the issue by adding anti-automation controls. Users with a commercial Fides Enterprise license can eliminate the risk entirely by using Single Sign-On (SSO) through an OIDC provider, which disables username/password authentication; this option is not available to open-source users.
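As an added defensive illustration (not Fides's own code): a login throttle that counts failures per source IP and per target account, so an attempt stream spread across many IPs, the password-spraying case described above, is still bounded rather than slipping under a per-IP counter. The window length, thresholds and sample IPs are assumed values chosen for the demo.

```python
# Added illustration (not the Fides code): a login throttle that keys failed
# attempts on both the source IP and the target account, so credential stuffing
# from one IP and password spraying across many IPs are both bounded.
# Window length and thresholds are assumptions chosen for the demo.
from collections import deque
from dataclasses import dataclass, field


@dataclass
class LoginThrottle:
    window_s: float = 300.0   # sliding window (assumed: 5 minutes)
    ip_limit: int = 20        # failures tolerated per source IP per window
    account_limit: int = 5    # failures tolerated per account per window
    _ip_fail: dict = field(default_factory=dict, init=False)
    _acct_fail: dict = field(default_factory=dict, init=False)

    def _recent(self, table: dict, key: str, now: float) -> int:
        """Drop failures older than the window and return how many remain."""
        q = table.setdefault(key, deque())
        while q and now - q[0] > self.window_s:
            q.popleft()
        return len(q)

    def allow(self, ip: str, username: str, now: float) -> bool:
        """True if this attempt may proceed to the password check."""
        acct = username.strip().lower()  # case variants share one bucket
        return (self._recent(self._ip_fail, ip, now) < self.ip_limit
                and self._recent(self._acct_fail, acct, now) < self.account_limit)

    def record_failure(self, ip: str, username: str, now: float) -> None:
        acct = username.strip().lower()
        self._ip_fail.setdefault(ip, deque()).append(now)
        self._acct_fail.setdefault(acct, deque()).append(now)


def simulate(throttle: LoginThrottle, attempts):
    """Replay (time, ip, username, password_ok) events and return
    (attempts that reached the password check, attempts throttled)."""
    checked = blocked = 0
    for t, ip, user, ok in attempts:
        if not throttle.allow(ip, user, t):
            blocked += 1
            continue
        checked += 1
        if not ok:
            throttle.record_failure(ip, user, t)
    return checked, blocked


# Constructed sample: one account targeted from ten different IPs, 10 s apart.
SPRAY = [(10.0 * i, f"203.0.113.{i + 1}", "Admin", False) for i in range(10)]
```

With the default limits only the first five of the ten spread-out attempts reach the password check; an IP-only limiter would pass all ten.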

Affected Version(s)
fides < 2.69.1
