CVE-2025-68609

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-68609
A vulnerability in Palantir's Aries service allowed unauthenticated access to log viewing and management functionality on Apollo instances using default configuration. The defect resulted in both authentication and authorization checks being bypassed, potentially allowing any network-accessible client to view system logs and perform operations without valid credentials. No evidence of exploitation was identified during the vulnerability window.

6.6 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.7 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://palantir.safebase.us/?tcuUid=955a313a-1735-48a6-9fb4-e10404f14eb5
Configurations

No configuration.

History

15 Apr 2026, 00:35

Type Values Removed Values Added
Summary
  • (es) Una vulnerabilidad en el servicio Aries de Palantir permitió acceso no autenticado a la funcionalidad de visualización y gestión de registros en instancias de Apollo que utilizaban la configuración predeterminada. El defecto resultó en que tanto las comprobaciones de autenticación como las de autorización fueran eludidas, permitiendo potencialmente a cualquier cliente accesible por red ver los registros del sistema y realizar operaciones sin credenciales válidas. No se identificó evidencia de explotación durante la ventana de vulnerabilidad.

22 Jan 2026, 19:15

Type Values Removed Values Added
New CVE
Information

Published : 2026-01-22 19:15

Updated : 2026-04-15 00:35

NVD link : CVE-2025-68609

Mitre link : CVE-2025-68609

CVE.ORG link : CVE-2025-68609

JSON object : View

Products Affected

No product.

CWE
CWE-305

Authentication Bypass by Primary Weakness