How severe is CVE-2025-24860?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.4 out of 10.

What type of vulnerability is CVE-2025-24860?

This is classified as CWE-863, which is a common weakness in software security.

CVE-2025-24860

MEDIUM Year: 2025

CVSS v3 Score

5.4

Medium

Weakness Type

CWE-863

View all →

Vulnerability Description

Incorrect Authorization vulnerability in Apache Cassandra allowing users to access a datacenter or IP/CIDR groups they should not be able to when using CassandraNetworkAuthorizer or CassandraCIDRAuthorizer. Users with restricted data center access can update their own permissions via data control language (DCL) statements on affected versions. This issue affects Apache Cassandra: from 4.0.0 through 4.0.15 and from 4.1.0 through 4.1.7 for CassandraNetworkAuthorizer, and from 5.0.0 through 5.0.2 for both CassandraNetworkAuthorizer and CassandraCIDRAuthorizer. Operators using CassandraNetworkAuthorizer or CassandraCIDRAuthorizer on affected versions should review data access rules for potential breaches. Users are recommended to upgrade to versions 4.0.16, 4.1.8, 5.0.3, which fixes the issue.

CVE-2017-2599

MEDIUM

CVSS:5.4(Medium)

Jenkins before versions 2.44 and 2.32.2 is vulnerable to an insufficient permission check. This allows users with permissions to create new items (e.g. jobs) to overwrite existing items they don't hav...

CWE-8632017

CVE-2018-1000106

MEDIUM

CVSS:5.4(Medium)

An improper authorization vulnerability exists in Jenkins Gerrit Trigger Plugin 2.27.4 and earlier in GerritManagement.java, GerritServer.java, and PluginImpl.java that allows an attacker with Overall...

CWE-8632018

CVE-2018-10212

MEDIUM

CVSS:5.4(Medium)

An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is improper authorization leading to creation of folders within another account via a modified device value.

CWE-8632018

CVE-2020-1725

MEDIUM

CVSS:5.4(Medium)

A flaw was found in keycloak before version 13.0.0. In some scenarios a user still has access to a resource after changing the role mappings in Keycloak and after expiration of the previous access tok...

CWE-8632020

CVE-2020-26555

MEDIUM

CVSS:5.4(Medium)

Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing withou...

CWE-8632020

CVE-2020-4794

MEDIUM

CVSS:5.4(Medium)

IBM Automation Workstream Services 19.0.3, 20.0.1, 20.0.2, IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.6 could allow an authenticated user to obtain sensit...

CWE-8632020

CVE-2025-24860

Vulnerability Description

Related Vulnerabilities

CVE-2017-2599

CVE-2018-1000106

CVE-2018-10212

CVE-2020-1725

CVE-2020-26555

CVE-2020-4794