FKIE_CVE-2025-68609

Vulnerability from fkie_nvd - Published: 2026-01-22 19:15 - Updated: 2026-04-15 00:35
Severity ?
6.6 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability in Palantir's Aries service allowed unauthenticated access to log viewing and management functionality on Apollo instances using default configuration. The defect resulted in both authentication and authorization checks being bypassed, potentially allowing any network-accessible client to view system logs and perform operations without valid credentials. No evidence of exploitation was identified during the vulnerability window.
References
cve-coordination@palantir.comhttps://palantir.safebase.us/?tcuUid=955a313a-1735-48a6-9fb4-e10404f14eb5
Impacted products
Vendor Product Version
To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in Palantir\u0027s Aries service allowed unauthenticated access to log viewing and management functionality on Apollo instances using default configuration. The defect resulted in both authentication and authorization checks being bypassed, potentially allowing any network-accessible client to view system logs and perform operations without valid credentials. No evidence of exploitation was identified during the vulnerability window."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el servicio Aries de Palantir permiti\u00f3 acceso no autenticado a la funcionalidad de visualizaci\u00f3n y gesti\u00f3n de registros en instancias de Apollo que utilizaban la configuraci\u00f3n predeterminada. El defecto result\u00f3 en que tanto las comprobaciones de autenticaci\u00f3n como las de autorizaci\u00f3n fueran eludidas, permitiendo potencialmente a cualquier cliente accesible por red ver los registros del sistema y realizar operaciones sin credenciales v\u00e1lidas. No se identific\u00f3 evidencia de explotaci\u00f3n durante la ventana de vulnerabilidad."
    }
  ],
  "id": "CVE-2025-68609",
  "lastModified": "2026-04-15T00:35:42.020",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.6,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.7,
        "impactScore": 5.9,
        "source": "cve-coordination@palantir.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-01-22T19:15:53.793",
  "references": [
    {
      "source": "cve-coordination@palantir.com",
      "url": "https://palantir.safebase.us/?tcuUid=955a313a-1735-48a6-9fb4-e10404f14eb5"
    }
  ],
  "sourceIdentifier": "cve-coordination@palantir.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-305"
        }
      ],
      "source": "cve-coordination@palantir.com",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.