
CVE-2025-24860: Medium Vulnerability in Apache Cassandra

A medium severity Incorrect Authorization vulnerability in Apache Cassandra can allow unauthorized access to datacenters or IP/CIDR groups. Organizations should promptly review their access controls and upgrade to patched versions to mitigate risks.

Severity: Medium · CVSS 5.4 · Published February 4, 2025


CVE-2025-24860 is an Incorrect Authorization vulnerability in Apache Cassandra. It affects CassandraNetworkAuthorizer in versions 4.0.0 through 4.0.15 and 4.1.0 through 4.1.7, and both CassandraNetworkAuthorizer and CassandraCIDRAuthorizer in versions 5.0.0 through 5.0.2. The flaw lets users reach datacenters or IP/CIDR groups they are not authorized for: a user whose role is restricted to particular datacenters can change their own access permissions with data control language (DCL) statements, which may lead to unauthorized data exposure.

The vulnerability is rated medium, with a CVSS score of 5.4. It is not critical, but for organizations running affected versions of Apache Cassandra it carries real risk: unauthorized access to data in otherwise restricted datacenters can amount to a data breach, so the issue needs to be addressed.

As of now, no public exploit has been confirmed. However, the lack of verified exploitation status should not lead organizations to lower their guard. Organizations utilizing affected versions are encouraged to upgrade to versions 4.0.16, 4.1.8, or 5.0.3, which have been patched to resolve this vulnerability. Urgency should be considered high, given the potential impact on data security.

Organizations should prioritize reviewing their data access rules to prevent any potential breaches stemming from this vulnerability. Immediate action is crucial to mitigate risks associated with unauthorized access.

Vulnerability Details

This vulnerability allows authenticated users to access datacenters or IP/CIDR groups they are not authorized for, because of incorrect authorization handling in CassandraNetworkAuthorizer and CassandraCIDRAuthorizer. It has been assigned a CVSS score of 5.4, a medium severity level. The affected versions are Apache Cassandra 4.0.0 through 4.0.15, 4.1.0 through 4.1.7, and 5.0.0 through 5.0.2.

Technical Analysis

Root cause analysis indicates that the problem stems from improper authorization checks within the CassandraNetworkAuthorizer and CassandraCIDRAuthorizer components. The CVSS vector reflects this: an attacker needs only low privileges (an existing restricted role), attack complexity is low, and no user interaction is required. The attack vector is network-based, meaning that exploitation can occur remotely without physical access to the affected systems.

Risk & Impact Analysis

Risk to organizations includes potential unauthorized access to sensitive data, which could lead to data breaches and compliance violations. The blast radius is considerable, since every release line from 4.0 through 5.0 is affected. Given the CVSS score of 5.4, organizations should address this vulnerability in their priority patch cycle to prevent exploitation.

Exploitation Status

Signal              Status
Known Exploit       No
Public PoC          No
Actively Exploited  No
Ransomware Use      No

Affected Versions

Affected versions of Apache Cassandra include 4.0.0 to 4.0.15, 4.1.0 to 4.1.7, and 5.0.0 to 5.0.2. Organizations should upgrade to versions 4.0.16, 4.1.8, or 5.0.3, where this vulnerability has been addressed.

Mitigation & Remediation

Organizations should promptly upgrade to the fixed versions of Apache Cassandra: 4.0.16, 4.1.8, or 5.0.3. In addition to upgrading, reviewing and hardening data access controls is vital to prevent unauthorized access. Implementing monitoring for unusual access patterns can further enhance security.
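One concrete way to carry out the access-control review recommended above is to compare the datacenter grants each role currently holds against an approved baseline and generate the statements that restore it. The script below is an added example written for this advisory, not Cassandra project code. The BASELINE and SNAPSHOT mappings are constructed by hand (in practice the snapshot would be assembled from LIST ROLES or the network permissions table); the 'ALL' marker for an unrestricted role and the admin/role names are assumptions, and the generated CQL uses the documented ACCESS TO DATACENTERS role option.

```python
"""Review Cassandra role -> datacenter grants against an approved baseline.

Added example for this advisory; not Cassandra project code. BASELINE and
SNAPSHOT are constructed mappings of role -> set of datacenters; the 'ALL'
marker stands for an unrestricted ACCESS TO ALL DATACENTERS grant.
"""

ALL = "ALL"

# Approved policy (assumption: what the security team signed off on).
BASELINE = {
    "cassandra": {ALL},                  # superuser, unrestricted on purpose
    "analyst":   {"dc1"},
    "reporting": {"dc1", "dc2"},
    "backup":    {"dc2"},
}

# Constructed snapshot of what the cluster currently reports.
SNAPSHOT = {
    "cassandra": {ALL},
    "analyst":   {ALL},                  # widened: should be dc1 only
    "reporting": {"dc1", "dc2", "dc3"},  # one datacenter beyond the baseline
    "backup":    {"dc2"},
    "tmp_user":  {"dc1"},                # role with DC access that the baseline never approved
}


def review(baseline, snapshot):
    """Return (role, problem, allowed, actual) tuples for every deviation."""
    findings = []
    for role, actual in sorted(snapshot.items()):
        allowed = baseline.get(role)
        if allowed is None:
            findings.append((role, "role not in baseline", set(), actual))
        elif ALL in actual and ALL not in allowed:
            findings.append((role, "unrestricted datacenter access", allowed, actual))
        elif ALL not in allowed and not actual <= allowed:
            findings.append((role, "access beyond baseline", allowed, actual))
    for role in sorted(set(baseline) - set(snapshot)):
        findings.append((role, "baseline role missing from cluster", baseline[role], set()))
    return findings


def remediation_cql(findings):
    """Build ALTER ROLE statements that restore the baseline grant.

    Roles the baseline does not know, or that no longer exist on the
    cluster, are left for a human decision rather than auto-revoked.
    """
    statements = []
    for role, problem, allowed, _actual in findings:
        if not allowed or problem.startswith("baseline role missing"):
            statements.append(f"-- review manually: {role} ({problem})")
        elif ALL in allowed:
            statements.append(f"ALTER ROLE {role} WITH ACCESS TO ALL DATACENTERS;")
        else:
            dcs = ", ".join(f"'{dc}'" for dc in sorted(allowed))
            statements.append(f"ALTER ROLE {role} WITH ACCESS TO DATACENTERS {{{dcs}}};")
    return statements


if __name__ == "__main__":
    found = review(BASELINE, SNAPSHOT)
    for role, problem, allowed, actual in found:
        print(f"{role:10} {problem:35} allowed={sorted(allowed)} actual={sorted(actual)}")
    print("\n".join(remediation_cql(found)))
```

Run the review from a cron job or a CI step and treat any non-empty finding list as a ticket; the generated statements are a starting point for the DBA, not something to apply blindly, because a role absent from the baseline may be legitimate and simply undocumented.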

Detection Guidance

Organizations should monitor logs for unauthorized permission changes, in particular DCL statements that alter a role's datacenter or CIDR-group access, and for unusual access to datacenters or IP groups. Behavioral anomalies related to user permissions, such as a restricted role changing its own access, should be investigated promptly to identify potential breaches.
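The detection logic described above, applied to audit-log records, as an added example written for this advisory and not code from Cassandra or from the advisory's author. The sample log lines are constructed; their pipe-separated key:value layout imitates the general shape of Cassandra's file audit logger records, which is an assumption about the format rather than output captured from a real cluster. The ADMIN_ROLES set is also an assumption. The script flags three conditions: a role changing its own datacenter or CIDR access (the pattern this CVE enables), a non-admin role changing anyone's network access, and an admin widening access to ALL datacenters or CIDRs.

```python
"""Flag audit-log DCL statements that change datacenter or CIDR-group access.

Added example for this advisory; not Cassandra project code. SAMPLE_LOG is
constructed, and its field layout is an assumption about the audit format.
"""
import re
from dataclasses import dataclass

SAMPLE_LOG = """\
user:cassandra|host:/10.0.0.5:7000|source:/10.0.0.9|port:50122|timestamp:1738659000000|type:ALTER_ROLE|category:DCL|operation:ALTER ROLE analyst WITH ACCESS TO DATACENTERS {'dc1'};
user:analyst|host:/10.0.0.5:7000|source:/10.0.0.20|port:50130|timestamp:1738659060000|type:SELECT|category:QUERY|ks:sales|scope:orders|operation:SELECT * FROM sales.orders;
user:analyst|host:/10.0.0.5:7000|source:/10.0.0.20|port:50131|timestamp:1738659120000|type:ALTER_ROLE|category:DCL|operation:ALTER ROLE analyst WITH ACCESS TO ALL DATACENTERS;
user:analyst|host:/10.0.0.5:7000|source:/10.0.0.20|port:50132|timestamp:1738659180000|type:ALTER_ROLE|category:DCL|operation:ALTER ROLE analyst WITH ACCESS FROM ALL CIDRS;
user:cassandra|host:/10.0.0.5:7000|source:/10.0.0.9|port:50140|timestamp:1738659240000|type:ALTER_ROLE|category:DCL|operation:ALTER ROLE reporting WITH ACCESS TO ALL DATACENTERS;
user:cassandra|host:/10.0.0.5:7000|source:/10.0.0.9|port:50141|timestamp:1738659300000|type:CREATE_ROLE|category:DCL|operation:CREATE ROLE auditor WITH LOGIN = true AND ACCESS TO DATACENTERS {'dc2'};
"""

# Roles permitted to change other roles' network/CIDR access (assumption).
ADMIN_ROLES = {"cassandra"}

# Target role of an ALTER ROLE / CREATE ROLE statement.
ROLE_RE = re.compile(r"\b(?:ALTER|CREATE)\s+ROLE\s+['\"]?([A-Za-z0-9_]+)", re.IGNORECASE)
# Datacenter (ACCESS TO ...) or CIDR-group (ACCESS FROM ...) clause.
ACCESS_RE = re.compile(
    r"\bACCESS\s+(?:TO|FROM)\s+(ALL\s+DATACENTERS|ALL\s+CIDRS|DATACENTERS|CIDRS)\b",
    re.IGNORECASE,
)


@dataclass
class Finding:
    actor: str
    target_role: str
    reason: str
    operation: str


def parse_line(line):
    """Split one record into a dict. Everything after 'operation:' is kept
    verbatim because the statement text may itself contain ':' or '|'."""
    head, sep, operation = line.rstrip("\n").partition("|operation:")
    fields = {}
    for part in head.split("|"):
        key, colon, value = part.partition(":")
        if colon:
            fields[key] = value
    if sep:
        fields["operation"] = operation
    return fields


def analyze(log_text):
    """Return a Finding for each DCL record that changes network/CIDR access
    in a way worth an analyst's attention."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec.get("category") != "DCL":
            continue
        op = rec.get("operation", "")
        access = ACCESS_RE.search(op)
        if not access:
            continue  # DCL that does not touch datacenter / CIDR access
        actor = rec.get("user", "?")
        m = ROLE_RE.search(op)
        target = m.group(1) if m else "?"
        if target.lower() == actor.lower():
            findings.append(Finding(actor, target, "self-service change to own network/CIDR access", op))
        elif actor not in ADMIN_ROLES:
            findings.append(Finding(actor, target, "network/CIDR access changed by non-admin role", op))
        elif access.group(1).upper().startswith("ALL"):
            findings.append(Finding(actor, target, "access widened to ALL datacenters/CIDRs", op))
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"[{f.reason}] actor={f.actor} target={f.target_role} :: {f.operation}")
```

On the constructed input the two self-service changes by the analyst role are exactly the behaviour this advisory describes, and the admin widening a role to all datacenters is reported as a lower-priority review item. Audit logging must be enabled on the cluster for this to see anything at all, and the third rule will be noisy on clusters where unrestricted roles are routine, so tune ADMIN_ROLES and the reasons to the environment.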

AppSecure Threat Intelligence Insight

The medium severity of CVE-2025-24860 highlights a significant risk for Apache Cassandra users, especially those with restricted access roles. Organizations should integrate continuous security testing into their practices to detect similar vulnerabilities proactively. For comprehensive security assessments, organizations may consider engaging in penetration testing services. Additionally, following best practices in data access and monitoring can mitigate the risks posed by vulnerabilities like this. Organizations should stay informed on security trends and updates to ensure their security posture remains robust.

Understanding the implications of such vulnerabilities can guide security teams in prioritizing their remediation efforts. Engaging in proactive measures such as regular security assessments can significantly reduce the likelihood of exploitation.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
