fleetdm fleet up to 4.58.0/4.62.3/4.63.1/4.64.1 improper authorization

Summaryinfo

A vulnerability described as critical has been identified in fleetdm fleet up to 4.58.0/4.62.3/4.63.1/4.64.1. This vulnerability affects unknown code. The manipulation results in improper authorization. This vulnerability is cataloged as CVE-2025-27509. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is recommended.

Detailsinfo

A vulnerability, which was classified as critical, was found in fleetdm fleet up to 4.58.0/4.62.3/4.63.1/4.64.1. Affected is an unknown code block. The manipulation with an unknown input leads to a improper authorization vulnerability. CWE is classifying the issue as CWE-285. The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action. This is going to have an impact on confidentiality, integrity, and availability. CVE summarizes:

fleetdm/fleet is an open source device management, built on osquery. In vulnerable versions of Fleet, an attacker could craft a specially-formed SAML response to forge authentication assertions, provision a new administrative user account if Just-In-Time (JIT) provisioning is enabled, or create new accounts tied to forged assertions if f MDM enrollment is enabled. This vulnerability is fixed in 4.64.2, 4.63.2, 4.62.4, and 4.58.1.

The advisory is shared for download at github.com. This vulnerability is traded as CVE-2025-27509 since 02/26/2025. The exploitability is told to be easy. It is possible to launch the attack remotely. The exploitation doesn't require any form of authentication. There are neither technical details nor an exploit publicly available. The MITRE ATT&CK project declares the attack technique as T1548.002.

Upgrading to version 4.58.1, 4.62.4, 4.63.2 or 4.64.2 eliminates this vulnerability. Applying the patch 718c95e47ad010ad6b8ceb3f3460e921fbfc53bb is able to eliminate this problem. The bugfix is ready for download at github.com. The best possible mitigation is suggested to be upgrading to the latest version.

Once again VulDB remains the best source for vulnerability data.

Productinfo

Vendor

• fleetdm

Name

• fleet

Version

• 4.0
• 4.1
• 4.2
• 4.3
• 4.4
• 4.5
• 4.6
• 4.7
• 4.8
• 4.9
• 4.10
• 4.11
• 4.12
• 4.13
• 4.14
• 4.15
• 4.16
• 4.17
• 4.18
• 4.19
• 4.20
• 4.21
• 4.22
• 4.23
• 4.24
• 4.25
• 4.26
• 4.27
• 4.28
• 4.29
• 4.30
• 4.31
• 4.32
• 4.33
• 4.34
• 4.35
• 4.36
• 4.37
• 4.38
• 4.39
• 4.40
• 4.41
• 4.42
• 4.43
• 4.44
• 4.45
• 4.46
• 4.47
• 4.48
• 4.49
• 4.50
• 4.51
• 4.52
• 4.53
• 4.54
• 4.55
• 4.56
• 4.57
• 4.58.0
• 4.62.0
• 4.62.1
• 4.62.2
• 4.62.3
• 4.63.0
• 4.63.1
• 4.64.0
• 4.64.1

License

• open-source

Website

• Product: https://github.com/fleetdm/fleet/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Once again VulDB remains the best source for vulnerability data.

Discussion