
CVE-2025-26511: High Vulnerability in Instaclustr Cassandra-Lucene-Index Plugin

A high-severity vulnerability affecting Instaclustr's Cassandra-Lucene-Index plugin could allow authenticated users to bypass role-based access control in systems running Apache Cassandra. Immediate action is required to mitigate potential risks.

HIGH · CVSS 8.8 · Published February 13, 2025


Systems running the Instaclustr fork of Stratio's Cassandra-Lucene-Index plugin, versions 4.0-rc1-1.0.0 through 4.0.16-1.0.0 and 4.1.2-1.0.0 through 4.1.8-1.0.0, installed into Apache Cassandra version 4.x, are susceptible to this vulnerability. When successfully exploited, it could allow authenticated Cassandra users to remotely bypass RBAC and escalate their privileges.

The CVSS score for this vulnerability is 8.8, categorizing it as high severity. The implications of this vulnerability are significant, as it could lead to unauthorized access and control over sensitive data. Organizations must assess their exposure to this issue, particularly those utilizing the affected versions of the plugin.

Given the potential for exploitation, organizations should prioritize patching immediately. The vulnerability was published on February 13, 2025, and has been classified under CWE-863, which pertains to improper authorization.

Currently, there is no public exploit confirmed for this vulnerability, and it has not been included in the Known Exploited Vulnerabilities (KEV) catalog. However, the risk to organizations includes potential escalation of privileges that could compromise data integrity and confidentiality.

The urgency for defenders is high, and they should address this vulnerability in their patch cycle to mitigate the risk associated with this exposure.

Vulnerability Details

The vulnerability affects systems using the Instaclustr fork of Stratio's Cassandra-Lucene-Index plugin across several versions. The CVSS score indicates a high level of potential impact, with an attack vector of NETWORK, low attack complexity, and low privileges required for exploitation. The impacts on confidentiality, integrity, and availability are all rated as high.

Technical Analysis

The root cause of this vulnerability lies in the misconfiguration of role-based access control (RBAC), allowing authenticated users to escalate their privileges unexpectedly. The attack vector is primarily network-based, meaning that an attacker does not need to have physical access to the systems but can exploit them remotely.

Risk & Impact Analysis

Risk to organizations includes unauthorized access to sensitive systems and potential data breaches. As systems increasingly rely on plugins like the Cassandra-Lucene-Index for essential functionalities, the blast radius of such vulnerabilities can be extensive, affecting multiple layers of application security.

Exploitation Status

Signal: Status
Known Exploit: No
Public PoC: No
Actively Exploited: No
Ransomware Use: No

Affected Versions

Affected versions include the Instaclustr fork of the Cassandra-Lucene-Index plugin versions 4.0-rc1-1.0.0 through 4.0.16-1.0.0 and 4.1.2-1.0.0 through 4.1.8-1.0.0, installed in Apache Cassandra version 4.x.
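
To check an inventory against the two ranges above, the following added example (not Instaclustr's or AppSecure's code) parses plugin version strings of the form <Cassandra version>-<plugin version> and reports whether each falls inside an affected range. The jar file name pattern and the sample file names are assumptions made for illustration.

```python
import re

# Affected ranges exactly as listed in this advisory (inclusive bounds).
AFFECTED_RANGES = [
    ("4.0-rc1-1.0.0", "4.0.16-1.0.0"),
    ("4.1.2-1.0.0", "4.1.8-1.0.0"),
]
# <cassandra version>[-<alpha|beta|rc>N]-<plugin version>
VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)(?:-(alpha|beta|rc)(\d+))?-(\d+(?:\.\d+)*)$")
# Assumed jar naming; adjust to match the files in your Cassandra lib directory.
JAR_RE = re.compile(r"^cassandra-lucene-index-plugin-(.+)\.jar$")
STAGE_RANK = {"alpha": 0, "beta": 1, "rc": 2, None: 3}  # final release sorts last

def _nums(dotted, width=3):
    parts = [int(p) for p in dotted.split(".")]
    return tuple(parts + [0] * (width - len(parts)))

def version_key(version):
    """Turn '4.0-rc1-1.0.0' into a tuple that sorts in release order."""
    m = VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised plugin version: {version!r}")
    base, stage, stage_n, plugin = m.groups()
    return (_nums(base), STAGE_RANK[stage], int(stage_n or 0), _nums(plugin))

def is_affected(version):
    key = version_key(version)
    return any(version_key(lo) <= key <= version_key(hi)
               for lo, hi in AFFECTED_RANGES)

def scan_jars(filenames):
    """Map each plugin jar name to True/False (affected), or None if unparsable."""
    results = {}
    for name in filenames:
        m = JAR_RE.match(name)
        if not m:
            continue  # not a plugin jar
        try:
            results[name] = is_affected(m.group(1))
        except ValueError:
            results[name] = None  # version needs manual review
    return results

if __name__ == "__main__":
    # Constructed file names, for illustration only.
    sample = ["cassandra-lucene-index-plugin-4.0.16-1.0.0.jar",
              "cassandra-lucene-index-plugin-4.1.9-1.0.0.jar"]
    print(scan_jars(sample))
```

A result of None means the version string did not match the expected format and should be checked by hand rather than assumed safe.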

Mitigation & Remediation

Organizations should prioritize upgrading to the latest version of the Cassandra-Lucene-Index plugin to mitigate this vulnerability. For those unable to upgrade immediately, it is advisable to review RBAC configurations and consider restricting access to sensitive functionalities until a patch is applied. Additional security measures may include implementing network controls and monitoring access logs for unusual activity.

Detection Guidance

Monitoring for unauthorized access attempts and analyzing logs for anomalies are essential in detecting exploitation attempts. Organizations should keep an eye on privilege escalation activities and ensure that all access controls are functioning as expected.

AppSecure Threat Intelligence Insight

This vulnerability highlights the importance of secure configurations surrounding access controls in database management systems. Security teams should learn from this incident to enhance their role-based access control mechanisms. For more insights on securing database environments, organizations can refer to our comprehensive vulnerability management program.

Furthermore, organizations are encouraged to engage in penetration testing regularly to identify vulnerabilities before they can be exploited.

In light of this vulnerability, security teams should also focus on cloud security assessments to ensure that all deployed applications maintain a robust security posture against similar threats.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
