CVE-2025-48371 Overview
CVE-2025-48371 is an authorization bypass vulnerability in OpenFGA, an open-source authorization/permission engine built on the Zanzibar model. The vulnerability affects OpenFGA versions 1.8.0 through 1.8.12 and allows attackers to bypass authorization checks when specific conditions involving Check and ListObjects API calls are met with contextual tuples.
Critical Impact
When exploited, this vulnerability enables unauthorized access by bypassing authorization controls. Attackers can potentially gain permissions they should not have through carefully crafted API requests using contextual tuples with userset user fields when type-bound public access and userset relationships are configured together.
Affected Products
- OpenFGA versions 1.8.0 through 1.8.12
- Helm chart openfga-0.2.16 through openfga-0.2.30
- Docker images 1.8.0 through 1.8.12
Discovery Timeline
- 2025-05-22 - CVE-2025-48371 published to NVD
- 2025-05-23 - Last updated in NVD database
Technical Details for CVE-2025-48371
Vulnerability Analysis
This authorization bypass vulnerability (CWE-285: Improper Authorization) exists in OpenFGA's tuple reading logic. The flaw occurs when the authorization model has a relationship that can be directly assigned by both type-bound public access (a typed wildcard such as user:*) and a userset (such as group#member). When contextual tuples are provided whose user field contains a userset value, and no type-bound public access tuples exist for that relationship, the authorization check can resolve to "allowed" for a user who holds no such permission.
The vulnerability requires four specific conditions to be exploited: (1) calling Check API or ListObjects with an authorization model having a relationship directly assignable by both type-bound public access and userset, (2) check or list object queries using contextual tuples for that relationship, (3) contextual tuples with userset values in the user field, and (4) no type-bound public access tuples assigned to that relationship.
Root Cause
The root cause lies in the combinedtuplereader.go component's handling of contextual tuples. The original implementation failed to properly validate whether contextual tuples with userset user fields matched the allowed user type restrictions defined in the authorization model. This gap allowed contextual tuples to be processed without verifying they conform to the expected user type patterns.
Attack Vector
An attacker with network access to the OpenFGA API and low privileges can exploit this vulnerability by:
- Identifying authorization models with relationships assignable by both type-bound public access and usersets
- Crafting Check or ListObjects API calls with contextual tuples
- Setting the contextual tuple's user field to a userset value
- Exploiting the lack of type-bound public access tuples to bypass authorization checks
The attack requires specific authorization model configurations but can be executed remotely over the network.
// Security patch adding tuple validation against allowed user type restrictions
// Source: https://github.com/openfga/openfga/commit/e5960d4eba92b723de8ff3a5346a07f50c1379ca
// Package and import lines are added here for context; the advisory's excerpt showed the function only.
package graph

import (
    openfgav1 "github.com/openfga/api/proto/openfga/v1"
    "github.com/openfga/openfga/pkg/tuple"
)

// tupleMatchesAllowedUserTypeRestrictions reports whether a contextual tuple's user
// (a typed wildcard or a userset) is one of the user types the model allows to be
// directly assigned to the relation. Tuples that do not match are dropped.
func tupleMatchesAllowedUserTypeRestrictions(t *openfgav1.Tuple,
    allowedUserTypeRestrictions []*openfgav1.RelationReference) bool {
    tupleUser := t.GetKey().GetUser()
    // Only userset-style users (user:* or type:id#relation) are considered here.
    if tuple.GetUserTypeFromUser(tupleUser) != tuple.UserSet {
        return false
    }
    // We expect there is always allowedUserTypeRestrictions. If none is specified,
    // the request itself is unexpected and the safe thing is not to return the
    // contextual tuples.
    for _, allowedUserType := range allowedUserTypeRestrictions {
        // Model allows a typed wildcard (e.g. user:*): the tuple must be that wildcard of the same type.
        if _, ok := allowedUserType.GetRelationOrWildcard().(*openfgav1.RelationReference_Wildcard); ok {
            if tuple.IsTypedWildcard(tupleUser) && tuple.GetType(tupleUser) == allowedUserType.GetType() {
                return true
            }
        }
        // Model allows a userset (e.g. group#member): type and relation must both match.
        if _, ok := allowedUserType.GetRelationOrWildcard().(*openfgav1.RelationReference_Relation); ok {
            if tuple.IsObjectRelation(tupleUser) &&
                tuple.GetType(tupleUser) == allowedUserType.GetType() &&
                tuple.GetRelation(tupleUser) == allowedUserType.GetRelation() {
                return true
            }
        }
    }
    return false
}
Detection Methods for CVE-2025-48371
Indicators of Compromise
- Unusual Check or ListObjects API calls containing contextual tuples with userset values
- Authorization decisions granting access that should have been denied based on the model configuration
- API requests targeting relationships with both type-bound public access and userset assignability
- Audit logs showing permission grants without corresponding tuple assignments
Detection Strategies
- Monitor OpenFGA API logs for Check and ListObjects calls containing contextual tuples
- Implement alerting on authorization decisions for relationships with mixed public access and userset configurations
- Review authorization models for relationships that combine type-bound public access with userset assignability
- Deploy application-level logging to track contextual tuple usage patterns
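As an added example (not from the advisory or the OpenFGA project), the following Python script first picks out the relationships an authorization model makes directly assignable by both a typed wildcard and a userset, then scans constructed API log lines for Check and ListObjects calls whose contextual tuples put a userset in the user field on one of those relationships. The model uses OpenFGA's JSON model format; the log record layout (path, body) and the store id are assumptions.

```python
import json
import re
# Constructed sample model (hypothetical, not from the advisory): doc#viewer is directly
# assignable by a typed wildcard (user:*) AND a userset (group#member); doc#editor is not.
MODEL = {"schema_version": "1.1", "type_definitions": [
    {"type": "user"},
    {"type": "group", "relations": {"member": {"this": {}}},
     "metadata": {"relations": {"member": {"directly_related_user_types": [{"type": "user"}]}}}},
    {"type": "doc", "relations": {"viewer": {"this": {}}, "editor": {"this": {}}},
     "metadata": {"relations": {
         "viewer": {"directly_related_user_types": [{"type": "user"},
                    {"type": "user", "wildcard": {}}, {"type": "group", "relation": "member"}]},
         "editor": {"directly_related_user_types": [{"type": "user"},
                    {"type": "group", "relation": "member"}]}}}}]}

# Constructed API log records (one JSON object per line); the path/body layout is an assumption.
LOG_LINES = [
    '{"path": "/stores/01STORE/check", "body": {"tuple_key": {"user": "user:anne", "relation": "viewer", "object": "doc:1"}, "contextual_tuples": {"tuple_keys": [{"user": "group:eng#member", "relation": "viewer", "object": "doc:1"}]}}}',
    '{"path": "/stores/01STORE/check", "body": {"tuple_key": {"user": "user:bob", "relation": "viewer", "object": "doc:2"}, "contextual_tuples": {"tuple_keys": [{"user": "user:bob", "relation": "viewer", "object": "doc:2"}]}}}',
    '{"path": "/stores/01STORE/list-objects", "body": {"type": "doc", "relation": "editor", "user": "user:anne", "contextual_tuples": {"tuple_keys": [{"user": "group:eng#member", "relation": "editor", "object": "doc:3"}]}}}',
    '{"path": "/stores/01STORE/list-objects", "body": {"type": "doc", "relation": "viewer", "user": "user:anne", "contextual_tuples": {"tuple_keys": [{"user": "group:eng#member", "relation": "viewer", "object": "doc:4"}]}}}',
]

# A userset user looks like type:id#relation; a typed wildcard (user:*) has no '#'.
USERSET_RE = re.compile(r"^[^:#]+:[^#]+#[^#]+$")

def mixed_relations(model):
    """Return the (object type, relation) pairs directly assignable by both a typed
    wildcard and a userset, i.e. the relationships condition (1) of the advisory refers to."""
    out = set()
    for td in model["type_definitions"]:
        for rel, meta in td.get("metadata", {}).get("relations", {}).items():
            refs = meta.get("directly_related_user_types", [])
            if any("wildcard" in r for r in refs) and any(r.get("relation") for r in refs):
                out.add((td["type"], rel))
    return out

def suspicious_requests(model, lines):
    """Flag Check/ListObjects calls whose contextual tuples assign a userset user on a
    mixed relation (conditions 1-3); returns (path, user, relation, object) tuples."""
    mixed, hits = mixed_relations(model), []
    for line in lines:
        rec = json.loads(line)
        if not rec["path"].endswith(("/check", "/list-objects")):
            continue
        for tk in rec["body"].get("contextual_tuples", {}).get("tuple_keys", []):
            if (tk["object"].split(":", 1)[0], tk["relation"]) in mixed and USERSET_RE.match(tk["user"]):
                hits.append((rec["path"], tk["user"], tk["relation"], tk["object"]))
    return hits
```

Condition (4), that no stored user:* tuple exists for the relationship, is not visible in request logs and has to be checked against the store before treating a hit as an actual bypass.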
Monitoring Recommendations
- Enable detailed audit logging on OpenFGA API endpoints, particularly /stores/{store_id}/check and /stores/{store_id}/list-objects
- Establish baselines for normal contextual tuple usage and alert on deviations
- Implement runtime monitoring to detect unexpected authorization grants
- Review authorization model changes that introduce relationships with both public access and userset types
How to Mitigate CVE-2025-48371
Immediate Actions Required
- Upgrade OpenFGA to version 1.8.13 immediately
- If using Helm, update to chart version openfga-0.2.31 or later
- Review authorization models for relationships with both type-bound public access and userset assignability
- Audit recent authorization decisions for potential unauthorized access grants
Patch Information
The fix is available in OpenFGA version 1.8.13. The patch adds the tupleMatchesAllowedUserTypeRestrictions function to validate that contextual tuples with userset user fields properly match the allowed user type restrictions in the authorization model. The upgrade is backwards compatible and does not require authorization model changes.
For complete patch details, see the GitHub commit and GitHub Security Advisory.
Workarounds
- Avoid using contextual tuples with userset values in Check or ListObjects calls until patched
- Review and potentially redesign authorization models to avoid combining type-bound public access with userset on the same relationship
- Implement application-level validation of authorization decisions as an additional security layer
- Consider rate limiting API endpoints to reduce exploitation opportunities
# Upgrade OpenFGA using Helm
helm repo update
helm upgrade openfga openfga/openfga --version 0.2.31
# Alternatively, upgrade Docker image
docker pull openfga/openfga:v1.8.13
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.