CVE-2025-65111

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-65111

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-65111.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-65111

Aliases

GHSA-9m7r-g8hg-x3vr

Published

2025-11-21T22:02:52.563Z

Modified

2025-11-24T19:37:09.980909Z

Severity

2.9 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P CVSS Calculator

Summary

SpiceDB's LookupResources with Multiple Entrypoints across Different Definitions Can Return Incomplete Results

Details

SpiceDB is an open source database system for creating and managing security-critical application permissions. Prior to version 1.47.1, if a schema includes the following characteristics: permission defined in terms of a union (+) and that union references the same relation on both sides (but one side arrows to a different permission). Then SpiceDB may have missing LookupResources results when checking the permission. This only affects LookupResources; other APIs calculate permissionship correctly. The issue is fixed in version 1.47.1.

Database specific

{
    "cwe_ids": [
        "CWE-277"
    ]
}

References

Affected packages

Git / github.com/authzed/spicedb

Affected ranges

Type: GIT
Repo: https://github.com/authzed/spicedb
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

b55a9f65aaacba19ec0b3eb004529a0d0bca4530

Affected versions

v0.*

v0.0.1

v0.0.2

v0.0.3

v1.*

v1.0.0

v1.1.0

v1.10.0

v1.11.0

v1.12.0

v1.13.0

v1.14.0

v1.14.1

v1.15.0

v1.16.0

v1.16.1

v1.16.2

v1.17.0

v1.18.1

v1.19.0

v1.2.0

v1.21.0

v1.21.0-rc1

v1.22.0

v1.22.0-rc1

v1.22.0-rc2

v1.22.0-rc4

v1.22.0-rc5

v1.22.0-rc6

v1.22.0-rc7

v1.22.0-rc8

v1.22.1

v1.22.1-rc1

v1.22.2

v1.23.0

v1.23.0-rc1

v1.23.0-rc2

v1.23.0-rc3

v1.23.0-rc4

v1.23.1

v1.23.1-rc1

v1.24.0

v1.24.0-rc1

v1.24.0-rc2

v1.24.0-rc3

v1.25.0

v1.25.0-rc1

v1.25.0-rc2

v1.25.0-rc3

v1.25.0-rc4

v1.26.0

v1.26.0-rc1

v1.26.0-rc2

v1.27.0

v1.27.0-rc1

v1.27.1-rc1

v1.28.0

v1.28.0-rc1

v1.29.0

v1.29.1

v1.29.1-rc1

v1.3.0

v1.30.0

v1.31.0

v1.32.0

v1.33.0

v1.34.0

v1.35.0

v1.35.1

v1.35.2

v1.35.3

v1.37.0

v1.38.0

v1.39.0

v1.4.0

v1.40.0

v1.40.1

v1.41.0

v1.42.0

v1.42.1

v1.43.0

v1.44.0

v1.44.3

v1.44.4

v1.45.0

v1.45.1

v1.45.2

v1.45.3

v1.45.4

v1.46.0

v1.46.1

v1.46.2

v1.47.0

v1.5.0

v1.7.0

v1.7.1

v1.8.0

v1.9.0