Privilege Escalation in Fides Webserver API Affects Open-Source Privacy Engineering Platform
CVE-2025-57817

8.6 HIGH

Key Information:

Vendor: Ethyca
Status: Vendor
CVE Published: 8 September 2025

What is CVE-2025-57817?

Fides is an open-source privacy engineering platform maintained by Ethyca. Its webserver API contains an authorization bypass in scope assignment: a user who has been granted the client:create or client:update scope can set the scopes of an API client without the API checking that the caller itself holds the scopes being assigned. The client can therefore be given permissions beyond the caller's own, up to owner-level, and the caller escalates by using that client. The attacker must already hold one of those two scopes, so this is escalation from a partially privileged account rather than an unauthenticated attack; note that the CVSS v4 breakdown on this page lists Privileges Required as Undefined, whereas the description requires an authenticated account with at least those scopes. The issue is fixed in Fides 2.69.1. There is no known workaround, so upgrading is the only remediation; until then, treat client:create and client:update as owner-equivalent when reviewing who holds them. For further details, refer to the official advisory and release notes.
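The following is an added example, not code from Fides or Ethyca, that models the bug class described above: a scope-assignment endpoint that checks the caller's action scope but never checks the scopes being granted, next to the hardened form that refuses to delegate any scope the caller does not itself hold. The Caller and Client types, the scope strings other than client:create and client:update, and the is_affected helper (which compares a version string against the 2.69.1 fix) are assumptions made for this illustration.

```python
"""Illustration of the scope-assignment bug class behind CVE-2025-57817.

Hypothetical example, not Fides code: the scope strings, the data types and
is_affected() are assumptions made for this demonstration.
"""
import re
from dataclasses import dataclass
from typing import FrozenSet, Iterable

# Constructed scope names. "client:create" / "client:update" are the scopes
# the advisory names; the owner-level set below is invented for illustration.
OWNER_LEVEL_SCOPES: FrozenSet[str] = frozenset(
    {"user:create", "user:delete", "client:delete", "config:update"}
)


class AuthorizationError(Exception):
    """Raised when the caller is not allowed to perform the requested action."""


@dataclass(frozen=True)
class Caller:
    user: str
    scopes: FrozenSet[str]


@dataclass(frozen=True)
class Client:
    client_id: str
    scopes: FrozenSet[str]


def assign_scopes_vulnerable(caller: Caller, client: Client,
                             requested: Iterable[str]) -> Client:
    """Weak form: checks only the action scope, never the scopes being granted.

    A caller holding just client:update can hand a client every owner-level
    scope, then authenticate as that client to act as an owner.
    """
    if "client:update" not in caller.scopes:
        raise AuthorizationError(f"{caller.user} lacks client:update")
    return Client(client.client_id, frozenset(requested))


def assign_scopes_hardened(caller: Caller, client: Client,
                           requested: Iterable[str]) -> Client:
    """Hardened form: the caller may only delegate scopes it already holds."""
    if "client:update" not in caller.scopes:
        raise AuthorizationError(f"{caller.user} lacks client:update")
    wanted = frozenset(requested)
    excess = wanted - caller.scopes
    if excess:
        raise AuthorizationError(
            f"{caller.user} cannot assign scopes it does not hold: {sorted(excess)}"
        )
    return Client(client.client_id, wanted)


# First fixed release named by the advisory.
FIXED_VERSION = (2, 69, 1)


def is_affected(version: str) -> bool:
    """True if a Fides version string is below the fixed release 2.69.1.

    Only the leading numeric components are compared; pre-release suffixes
    such as "rc1" are ignored, so review those by hand.
    """
    key = tuple(int(part) for part in re.findall(r"\d+", version)[:3])
    return key < FIXED_VERSION


if __name__ == "__main__":
    # Constructed sample principals: a low-privileged user and a service client.
    low = Caller("ops-user", frozenset({"client:update", "privacy-request:read"}))
    svc = Client("svc-client", frozenset({"privacy-request:read"}))

    escalated = assign_scopes_vulnerable(low, svc, OWNER_LEVEL_SCOPES)
    print("vulnerable path granted:", sorted(escalated.scopes))

    try:
        assign_scopes_hardened(low, svc, OWNER_LEVEL_SCOPES)
    except AuthorizationError as exc:
        print("hardened path refused:", exc)

    for v in ("2.68.0", "2.69.0", "2.69.1", "2.70.2"):
        print(v, "affected" if is_affected(v) else "fixed")
```

The subset rule in the hardened form is the whole fix for this bug class: an owner holds every scope, so owners are unaffected, while anyone else can only mint clients no more powerful than themselves. Any real implementation must apply the same rule on both the create and the update path, since the advisory names both client:create and client:update.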

Affected Version(s)

fides < 2.69.1


CVSS v4

Score: 8.6
Severity: HIGH
Attack Vector: Network
Attack Complexity: Low
Attack Requirements: None
Privileges Required: Undefined
User Interaction: None
Confidentiality: High
Integrity: High
Availability: Low

Timeline

  • Vulnerability published: 8 September 2025

  • Vulnerability reserved
