CVE-2025-57817: Fides Webserver API is Vulnerable to OAuth Client Privilege Escalation
The OAuth client creation and update endpoints of the Fides Webserver API do not properly authorize scope assignment. This allows highly privileged users with `client:create` or `client:update` permissions to escalate their privileges to owner-level.
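As an added illustration that is not Fides' own code, a hypothetical scope-assignment check for OAuth client create/update handlers: the unchecked function reproduces the flawed pattern the advisory describes (only the endpoint permission is verified, never the scopes being granted), while the checked functions require every requested scope to be one the caller already holds. The scope names `client:create` and `client:update` come from the advisory; `OWNER_SCOPE`, the data classes and the function names are constructed placeholders.

```python
from __future__ import annotations
from dataclasses import dataclass, field

# Scope names taken from the advisory; OWNER_SCOPE is a constructed
# placeholder for an owner-level scope, not a real Fides identifier.
CLIENT_CREATE = "client:create"
CLIENT_UPDATE = "client:update"
OWNER_SCOPE = "owner"


@dataclass
class Caller:
    """Authenticated principal invoking the endpoint (hypothetical model)."""
    client_id: str
    scopes: frozenset[str]


@dataclass
class OAuthClient:
    client_id: str
    scopes: frozenset[str] = field(default_factory=frozenset)


class ScopeEscalationError(PermissionError):
    """Raised when a caller tries to grant a scope it does not itself hold."""


def excess_scopes(caller: Caller, requested: set[str]) -> frozenset[str]:
    """Scopes in the request that the caller does not hold (empty = allowed)."""
    return frozenset(requested) - caller.scopes


def create_client_unchecked(caller: Caller, client_id: str, requested: set[str]) -> OAuthClient:
    """Vulnerable pattern: checks the endpoint permission only, so any
    requested scope, including owner-level, is granted to the new client."""
    if CLIENT_CREATE not in caller.scopes:
        raise PermissionError("client:create required")
    return OAuthClient(client_id, frozenset(requested))


def create_client_checked(caller: Caller, client_id: str, requested: set[str]) -> OAuthClient:
    """Hardened pattern: the caller may only delegate scopes it already holds."""
    if CLIENT_CREATE not in caller.scopes:
        raise PermissionError("client:create required")
    if excess := excess_scopes(caller, requested):
        raise ScopeEscalationError(f"caller lacks scopes: {sorted(excess)}")
    return OAuthClient(client_id, frozenset(requested))


def update_client_checked(caller: Caller, client: OAuthClient, requested: set[str]) -> OAuthClient:
    """Same rule applied on update, so an existing client cannot be widened
    beyond the scopes of whoever edits it."""
    if CLIENT_UPDATE not in caller.scopes:
        raise PermissionError("client:update required")
    if excess := excess_scopes(caller, requested):
        raise ScopeEscalationError(f"caller lacks scopes: {sorted(excess)}")
    return OAuthClient(client.client_id, frozenset(requested))
```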