Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. An user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via unsafe actions to a system resource. Operators granting data MODIFY permission on all keyspaces on affected versions should review data access rules for potential breaches.



This issue affects Apache Cassandra 3.0.30, 3.11.17, 4.0.16, 4.1.7, 5.0.2, but this advisory is only for 4.0.16 because the fix to CVE-2025-23015 was incorrectly applied to 4.0.16, so that version is still affected.

Users in the 4.0 series are recommended to upgrade to version 4.0.17 which fixes the issue. Users from 3.0, 3.11, 4.1 and 5.0 series should follow recommendation from CVE-2025-23015.
History

Tue, 26 Aug 2025 21:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:apache:cassandra:*:*:*:*:*:*:*:*

Tue, 26 Aug 2025 12:30:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

threat_severity

Moderate


Mon, 25 Aug 2025 22:15:00 +0000

Type Values Removed Values Added
First Time appeared Apache
Apache cassandra
Vendors & Products Apache
Apache cassandra

Mon, 25 Aug 2025 15:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 25 Aug 2025 14:15:00 +0000

Type Values Removed Values Added
Description Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. An user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via unsafe actions to a system resource. Operators granting data MODIFY permission on all keyspaces on affected versions should review data access rules for potential breaches. This issue affects Apache Cassandra 3.0.30, 3.11.17, 4.0.16, 4.1.7, 5.0.2, but this advisory is only for 4.0.16 because the fix to CVE-2025-23015 was incorrectly applied to 4.0.16, so that version is still affected. Users in the 4.0 series are recommended to upgrade to version 4.0.17 which fixes the issue. Users from 3.0, 3.11, 4.1 and 5.0 series should follow recommendation from CVE-2025-23015.
Title Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions (4.0.16 only)
Weaknesses CWE-267
References

cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published:

Updated: 2025-08-26T03:55:26.020Z

Reserved: 2025-02-10T23:19:36.665Z

Link: CVE-2025-26467

cve-icon Vulnrichment

Updated: 2025-08-25T14:29:26.458Z

cve-icon NVD

Status : Analyzed

Published: 2025-08-25T14:15:30.103

Modified: 2025-08-26T21:14:41.723

Link: CVE-2025-26467

cve-icon Redhat

Severity : Moderate

Publid Date: 2025-08-25T14:06:28Z

Links: CVE-2025-26467 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2025-08-25T21:53:08Z