Support Us — Your donation helps us keep running

Goal: 1000 CNY,Raised: 1000 CNY

100.0%
Donate Now
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-57766
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Fides's Admin UI User Password Change Does Not Invalidate Current Session
Source: NVD (National Vulnerability Database)
Vulnerability Description
Fides is an open-source privacy engineering platform. Prior to version 2.69.1, admin UI user password changes in Fides do not invalidate active user sessions, creating a vulnerability chaining opportunity where attackers who have obtained session tokens through other attack vectors (such as XSS) can maintain access even after password reset. This issue is not directly exploitable on its own and requires a prerequisite vulnerability to obtain valid session tokens in the first place. Version 2.69.1 fixes the issue. No known workarounds are available.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
不充分的会话过期机制
Source: NVD (National Vulnerability Database)
Vulnerability Title
Fides 代码问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Fides是Ethyca开源的一个开源隐私工程平台,用于管理运行时环境中数据隐私请求的实现以及代码中隐私法规的执行。 Fides 2.69.1之前版本存在代码问题漏洞,该漏洞源于密码更改后未使会话失效,可能导致权限维持。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
VendorProductAffected VersionsCPESubscribe
ethycafides < 2.69.1 -
II. Public POCs for CVE-2025-57766
#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC
III. Intelligence Information for CVE-2025-57766
Please Login to view more intelligence information
New Vulnerabilities
Product: fides
Vendor: ethyca
Same weakness: CWE-613
V. Comments for CVE-2025-57766

No comments yet

Leave a comment