CVE-2025-13475 in Identity Server
Summary
by MITRE • 07/04/2026
In multi-tenanted deployments, the application consent management mechanism fails to correctly isolate consent scopes between tenants. Consent granted by a user for a specific SaaS application within one tenant can be incorrectly applied to SaaS applications with the same name in other tenants, leading to unintended cross-tenant consent sharing.
This vulnerability may result in the exposure of user data across tenants, enabling SaaS applications in different tenants to access and modify information without explicit user authorization. This can lead to unauthorized data access and privacy violations. This vulnerability has no impact if the deployment does not support multi-tenancy.
Analysis
by VulDB Data Team • 07/04/2026
This vulnerability represents a critical multi-tenant isolation failure in application consent management systems that directly violates fundamental security principles of separation and access control. The flaw occurs when the system fails to properly maintain tenant boundaries during the consent approval process, creating a scenario where user permissions granted within one tenant context inadvertently extend to identical application names in other tenant environments. This cross-tenant consent sharing mechanism operates at the core of identity and access management systems, particularly affecting cloud-based SaaS platforms that rely on delegated consent models for application integration.
The technical implementation flaw stems from inadequate tenant context validation during consent workflows, where the system does not properly verify or enforce tenant-specific boundaries when processing user approvals. This allows a malicious actor or compromised user in one tenant to potentially influence consent decisions that affect other tenants sharing the same application identifiers. The vulnerability is particularly concerning because it operates silently at the authorization layer, making detection difficult and enabling persistent unauthorized access patterns. According to CWE-639, this represents a weakness in authentication where permissions are not properly scoped to their intended context, while ATT&CK technique T1531 focuses on privilege escalation through improper access control mechanisms.
The operational impact of this vulnerability extends beyond simple data exposure to encompass potential data modification, unauthorized access to sensitive user information, and violation of privacy regulations such as GDPR and CCPA. When users consent to applications in one tenant, their approval can inadvertently grant access to data in other tenants, creating a cascading effect that can compromise multiple organizations within the same deployment environment. This cross-tenant data exposure can lead to competitive intelligence leaks, regulatory violations, and significant reputational damage for cloud service providers. The vulnerability is particularly dangerous in environments where different tenants may have varying security requirements or regulatory compliance needs, as the isolation mechanisms fail to maintain these distinctions.
Mitigation strategies must focus on implementing strict tenant context validation during consent processes, ensuring that application identifiers are properly scoped to their respective tenant environments, and maintaining separate consent management databases for each tenant. Organizations should implement tenant-specific application registration systems where identical application names cannot share consent contexts across different tenant boundaries. Additionally, regular security testing of multi-tenant isolation mechanisms, including penetration testing focused on consent boundary validation, should be conducted to identify potential cross-tenant exposure scenarios. The implementation of automated monitoring systems that can detect unusual consent patterns between tenants provides an additional layer of defense. Organizations must also consider implementing role-based access control with tenant-specific scopes and ensure that all consent management interfaces properly validate tenant context before processing user approvals. This vulnerability demonstrates the critical importance of maintaining proper isolation boundaries in multi-tenant architectures, as highlighted in industry standards such as NIST SP 800-53 controls for access control and system separation.
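The consent-lookup flaw described in the summary and the tenant-scoped lookup the mitigation paragraph calls for, as an added Python illustration (not code from the advisory or from the affected product): the vulnerable store keys approvals by application name only, so a same-named app in another tenant inherits them, while the hardened store keys them by (tenant, application id) and refuses lookups from a different tenant. Tenant domains, app ids, user name and scopes are constructed sample values.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class App:
    tenant: str   # tenant domain the app is registered in
    app_id: str   # per-registration id issued by the IdP (assumed unique)
    name: str     # admin-chosen display name, NOT unique across tenants

class VulnerableConsentStore:
    """Keys consent by (user, app name) only, so a same-named app registered
    in another tenant inherits the approval: the cross-tenant sharing above."""
    def __init__(self):
        self._consents = {}

    def grant(self, user, app, scopes):
        self._consents.setdefault((user, app.name), set()).update(scopes)

    def approved_scopes(self, user, app):
        return set(self._consents.get((user, app.name), set()))

class TenantScopedConsentStore:
    """Keys consent by (tenant, app_id, user) and rejects any lookup whose
    requesting tenant differs from the tenant the app is registered in."""
    def __init__(self):
        self._consents = {}

    @staticmethod
    def _check_tenant(tenant, app):
        if app.tenant != tenant:
            raise PermissionError(f"{app.app_id} is not registered in {tenant}")

    def grant(self, tenant, user, app, scopes):
        self._check_tenant(tenant, app)
        self._consents.setdefault((tenant, app.app_id, user), set()).update(scopes)

    def approved_scopes(self, tenant, user, app):
        self._check_tenant(tenant, app)
        return set(self._consents.get((tenant, app.app_id, user), set()))

def demo():
    """Constructed scenario: two tenants each register an app named 'Payroll'."""
    acme_payroll = App("acme.example", "app-0001", "Payroll")
    globex_payroll = App("globex.example", "app-0002", "Payroll")
    vuln = VulnerableConsentStore()
    vuln.grant("alice", acme_payroll, {"openid", "profile"})
    leaked = vuln.approved_scopes("alice", globex_payroll)  # approval leaks
    safe = TenantScopedConsentStore()
    safe.grant("acme.example", "alice", acme_payroll, {"openid", "profile"})
    isolated = safe.approved_scopes("globex.example", "alice", globex_payroll)
    return leaked, isolated  # ({'openid', 'profile'}, set())
```

The same (tenant, app_id) key is what a monitoring rule would need as well: consent records that match on application name but differ in tenant are exactly the pattern the advisory calls unintended sharing.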