Unauthorized Access Control Flaw in Palantir Dossier App
CVE-2025-62487

3.5LOW

Key Information:

Vendor: Palantir
Status: Com.palantir.acme:gotham-default-apps-bundle; Com.palantir.acme:stencil-app-bundle; Com.palantir.acme:dossier-app
Vendor: CVE Published:; 9 January 2026

What is CVE-2025-62487?

A vulnerability has been identified in the Palantir Dossier front-end application where images uploaded were not properly marked with security levels. This oversight stemmed from a change made in May 2025 to facilitate file sharing across artifacts. In installations without Context-Based Access Control (CBAC), users were not presented with the necessary dialog to select appropriate security levels, leading to potential unauthorized access to sensitive materials. Consequently, files were only protected by the default authorization rules, which generally included broad access permissions.

Affected Version(s)

com.palantir.acme:dossier-app 100.30250502.0 < 100.30251002.0

com.palantir.acme:gotham-default-apps-bundle 100.30250502.0 < 100.30251002.0

com.palantir.acme:stencil-app-bundle 100.30250502.0 < 100.30251002.0

References

https://palantir.safebase.us/?tcuUid=c91a1b4f-72e7-4959-9...

CVSS V3.1

Score:

3.5

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 9, 2026
Vulnerability Reserved
Oct 15, 2025

CVE-2025-62487 Data

JSON