vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. Attacker can obtain owner rights of other organization. Hacker should know the ID of victim organization (in real case the user can be a part of the organization as an unprivileged user) and be the owner/admin of other organization (by default you can create your own organization) in order to attack. This vulnerability is fixed in 1.33.0.
References
Link | Resource |
---|---|
https://github.com/dani-garcia/vaultwarden/releases/tag/1.33.0 | Release Notes |
https://github.com/dani-garcia/vaultwarden/security/advisories/GHSA-j4h8-vch3-f797 | Exploit Vendor Advisory |
Configurations
History
20 Aug 2025, 13:56
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:dani-garcia:vaultwarden:*:*:*:*:*:*:*:* | |
Summary |
|
|
First Time |
Dani-garcia
Dani-garcia vaultwarden |
|
CWE | NVD-CWE-noinfo | |
References | () https://github.com/dani-garcia/vaultwarden/releases/tag/1.33.0 - Release Notes | |
References | () https://github.com/dani-garcia/vaultwarden/security/advisories/GHSA-j4h8-vch3-f797 - Exploit, Vendor Advisory |
27 Jan 2025, 18:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2025-01-27 18:15
Updated : 2025-08-20 13:56
NVD link : CVE-2025-24365
Mitre link : CVE-2025-24365
CVE.ORG link : CVE-2025-24365
JSON object : View
Products Affected
dani-garcia
- vaultwarden
CWE