CVE-2025-27509

fleetdm/fleet is an open source device management, built on osquery. In vulnerable versions of Fleet, an attacker could craft a specially-formed SAML response to forge authentication assertions, provision a new administrative user account if Just-In-Time (JIT) provisioning is enabled, or create new accounts tied to forged assertions if f MDM enrollment is enabled. This vulnerability is fixed in 4.64.2, 4.63.2, 4.62.4, and 4.58.1.

CVSS

No CVSS.

References

Link	Resource
https://github.com/fleetdm/fleet/commit/718c95e47ad010ad6b8ceb3f3460e921fbfc53bb
https://github.com/fleetdm/fleet/security/advisories/GHSA-52jx-g6m5-h735

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) fleedm/fleet es un sistema de gestión de dispositivos de código abierto, basado en osquery. En versiones vulnerables de Fleet, un atacante podría crear una respuesta SAML especialmente manipulada para falsificar las afirmaciones de autenticación, proporcionar una nueva cuenta de usuario administrativo si el aprovisionamiento Just-In-Time (JIT) está habilitado o crear nuevas cuentas vinculadas a afirmaciones falsificadas si la inscripción a MDM está habilitada. Esta vulnerabilidad se ha corregido en 4.64.2, 4.63.2, 4.62.4 y 4.58.1.

06 Mar 2025, 19:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-03-06 19:15

Updated : 2026-04-15 00:35

NVD link : CVE-2025-27509

Mitre link : CVE-2025-27509

CVE.ORG link : CVE-2025-27509

JSON object : View

Products Affected

No product.

CWE

CWE-285

Improper Authorization

{"id": "CVE-2025-27509", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-03-06T19:15:27.973", "references": [{"url": "https://github.com/fleetdm/fleet/commit/718c95e47ad010ad6b8ceb3f3460e921fbfc53bb", "source": "security-advisories@github.com"}, {"url": "https://github.com/fleetdm/fleet/security/advisories/GHSA-52jx-g6m5-h735", "source": "security-advisories@github.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-285"}]}], "descriptions": [{"lang": "en", "value": "fleetdm/fleet is an open source device management, built on osquery. In vulnerable versions of Fleet, an attacker could craft a specially-formed SAML response to forge authentication assertions, provision a new administrative user account if Just-In-Time (JIT) provisioning is enabled, or create new accounts tied to forged assertions if f MDM enrollment is enabled. This vulnerability is fixed in 4.64.2, 4.63.2, 4.62.4, and 4.58.1."}, {"lang": "es", "value": "fleedm/fleet es un sistema de gesti\u00f3n de dispositivos de c\u00f3digo abierto, basado en osquery. En versiones vulnerables de Fleet, un atacante podr\u00eda crear una respuesta SAML especialmente manipulada para falsificar las afirmaciones de autenticaci\u00f3n, proporcionar una nueva cuenta de usuario administrativo si el aprovisionamiento Just-In-Time (JIT) est\u00e1 habilitado o crear nuevas cuentas vinculadas a afirmaciones falsificadas si la inscripci\u00f3n a MDM est\u00e1 habilitada. Esta vulnerabilidad se ha corregido en 4.64.2, 4.63.2, 4.62.4 y 4.58.1."}], "lastModified": "2026-04-15T00:35:42.020", "sourceIdentifier": "security-advisories@github.com"}