Unauthenticated Access Vulnerability in Palantir's Aries Service
CVE-2025-68609

6.6MEDIUM

Key Information:

Vendor: Palantir
Status: Com.palantir.aries:aries
Vendor: CVE Published:; 22 January 2026

What is CVE-2025-68609?

A vulnerability in Palantir's Aries service allows unauthorized users to access log viewing and management functionality due to improper authentication and authorization checks. This issue emerges when the service is configured with default settings, exposing system logs and enabling actions without valid login credentials. Despite the potential severity of this flaw, no evidence has been found to suggest active exploitation during the identified window.

Affected Version(s)

com.palantir.aries:aries 1.554.0

References

https://palantir.safebase.us/?tcuUid=955a313a-1735-48a6-9...

CVSS V3.1

Score:

6.6

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 22, 2026
Vulnerability Reserved
Dec 19, 2025

CVE-2025-68609 Data

JSON