CVE-2025-61524

Published: Oct 8, 2025

Modified: Oct 14, 2025

PUBLISHED

Description

An issue in the permission verification module and organization/application editing interface in Casdoor v2.26.0 and before, and fixed in v.2.63.0, allows remote authenticated administrators of any organization within the system to bypass the system's permission verification mechanism by directly concatenating URLs after login

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://casdoor.com

https://gist.github.com/DevHjz/e75cea851d48e5f5478ac2a90757851a

https://github.com/casdoor/casdoor/commit/d883db907bb6e0b95737ef8e8b57b7da9078cbdd

https://github.com/casdoor/casdoor/releases/tag/v2.63.0

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-61524

Description

Affected Products

References