Analysis
Analysis and contextual insights are available on OpenCVE Cloud.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| openfga | openfga | affected |
|
Configuration 1 [-]
|
No data.
| Vendor | Product | Confidence | Versions |
|---|---|---|---|
| Openfga | Openfga | — | — |
Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
| Source | ID | Title |
|---|---|---|
 Github GHSA |
GHSA-2c64-vmv2-hgfc | OpenFGA Improper Policy Enforcement |
Wed, 31 Dec 2025 13:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Openfga helm Charts
|
|
| CPEs | cpe:2.3:a:openfga:helm_charts:*:*:*:*:*:*:*:* cpe:2.3:a:openfga:openfga:*:*:*:*:*:*:*:* |
|
| Vendors & Products |
Openfga helm Charts
|
|
| Metrics |
cvssV3_1
|
Mon, 24 Nov 2025 18:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Mon, 24 Nov 2025 09:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Openfga
Openfga openfga |
|
| Vendors & Products |
Openfga
Openfga openfga |
Fri, 21 Nov 2025 01:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA v1.4.0 to v1.11.0 ( openfga-0.1.34 <= Helm chart <= openfga-0.2.48, v.1.4.0 <= docker <= v.1.11.0) are vulnerable to improper policy enforcement when certain Check and ListObject calls are executed. This issue has been patched in version 1.11.1. | |
| Title | OpenFGA Improper Policy Enforcement | |
| Weaknesses | CWE-285 | |
| References |
| |
| Metrics |
cvssV4_0
|
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2025-11-24T18:11:03.949Z
Reserved: 2025-11-10T22:29:34.873Z
Link: CVE-2025-64751
Vulnrichment
Updated: 2025-11-24T17:06:42.795Z
NVD
Status : Analyzed
Published: 2025-11-21T02:15:43.747
Modified: 2025-12-31T13:43:35.017
Link: CVE-2025-64751
Redhat
No data.
OpenCVE Enrichment
Updated: 2025-11-24T09:09:15Z