CVE-2025-35431

CISA Thorium does not escape user controlled strings used in LDAP queries. An authenticated remote attacker can modify LDAP authorization data such as group memberships. Fixed in 1.1.1.

CVSS v3 5.4 MEDIUM

5.4^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/cisagov/thorium/commit/7c94a0b9bc2dc55e0c307360452f348bac06820c#diff-45e1e58dfb6faacf9efe778c31ead287d8e13ae07c5dad084c792bc4a0605a68R1007-R1008	Patch
https://github.com/cisagov/thorium/releases/tag/1.1.1	Release Notes
https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-259-01.json	Third Party Advisory
https://www.cve.org/CVERecord?id=CVE-2025-35431	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:cisa:thorium:*:*:*:*:*:*:*:*

History

26 Sep 2025, 14:36

Type	Values Removed	Values Added
First Time		Cisa Cisa thorium
References	~~() https://github.com/cisagov/thorium/commit/7c94a0b9bc2dc55e0c307360452f348bac06820c#diff-45e1e58dfb6faacf9efe778c31ead287d8e13ae07c5dad084c792bc4a0605a68R1007-R1008 -~~	() https://github.com/cisagov/thorium/commit/7c94a0b9bc2dc55e0c307360452f348bac06820c#diff-45e1e58dfb6faacf9efe778c31ead287d8e13ae07c5dad084c792bc4a0605a68R1007-R1008 - Patch
References	~~() https://github.com/cisagov/thorium/releases/tag/1.1.1 -~~	() https://github.com/cisagov/thorium/releases/tag/1.1.1 - Release Notes
References	~~() https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-259-01.json -~~	() https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-259-01.json - Third Party Advisory
References	~~() https://www.cve.org/CVERecord?id=CVE-2025-35431 -~~	() https://www.cve.org/CVERecord?id=CVE-2025-35431 - Third Party Advisory
CPE		cpe:2.3:a:cisa:thorium::::::::

17 Sep 2025, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-09-17 17:15

Updated : 2025-09-26 14:36

NVD link : CVE-2025-35431

Mitre link : CVE-2025-35431

CVE.ORG link : CVE-2025-35431

JSON object : View

Products Affected

cisa

thorium

CWE

CWE-90

Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')

{"id": "CVE-2025-35431", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "9119a7d8-5eab-497f-8521-727c672e3725", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 2.8}], "cvssMetricV40": [{"type": "Secondary", "source": "9119a7d8-5eab-497f-8521-727c672e3725", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-09-17T17:15:43.260", "references": [{"url": "https://github.com/cisagov/thorium/commit/7c94a0b9bc2dc55e0c307360452f348bac06820c#diff-45e1e58dfb6faacf9efe778c31ead287d8e13ae07c5dad084c792bc4a0605a68R1007-R1008", "tags": ["Patch"], "source": "9119a7d8-5eab-497f-8521-727c672e3725"}, {"url": "https://github.com/cisagov/thorium/releases/tag/1.1.1", "tags": ["Release Notes"], "source": "9119a7d8-5eab-497f-8521-727c672e3725"}, {"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-259-01.json", "tags": ["Third Party Advisory"], "source": "9119a7d8-5eab-497f-8521-727c672e3725"}, {"url": "https://www.cve.org/CVERecord?id=CVE-2025-35431", "tags": ["Third Party Advisory"], "source": "9119a7d8-5eab-497f-8521-727c672e3725"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "9119a7d8-5eab-497f-8521-727c672e3725", "description": [{"lang": "en", "value": "CWE-90"}]}], "descriptions": [{"lang": "en", "value": "CISA Thorium does not escape user controlled strings used in LDAP queries. An authenticated remote attacker can modify LDAP authorization data such as group memberships. Fixed in 1.1.1."}], "lastModified": "2025-09-26T14:36:09.630", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisa:thorium:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "62B4CA63-26B3-44B6-B782-A71E49BC61AD", "versionEndExcluding": "1.1.1", "versionStartIncluding": "1.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "9119a7d8-5eab-497f-8521-727c672e3725"}