CVE-2023-25560

8.2 HIGH

📋 TL;DR

This vulnerability in DataHub's AuthServiceClient allows attackers to manipulate JSON strings with user-controlled data, potentially leading to authentication bypass and unauthorized system account creation. All DataHub instances running vulnerable versions are affected, which could result in full system compromise.

💻 Affected Systems

Products:
  • DataHub
Versions: All versions prior to v0.10.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: All DataHub deployments using the vulnerable AuthServiceClient component are affected regardless of configuration.

📦 What is this software?

DataHub is an open-source metadata platform for data discovery, observability and governance, originally developed at LinkedIn and now maintained by the datahub-project community.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise through authentication bypass, unauthorized account creation, and complete control over the DataHub instance.

🟠 Likely Case

Authentication bypass leading to unauthorized access, privilege escalation, and potential data exfiltration or manipulation.

🟢 If Mitigated

Limited impact with proper network segmentation and access controls, but still vulnerable to authenticated users.

🌐 Internet-Facing: HIGH - Internet-facing DataHub instances are directly exploitable by unauthenticated attackers.
🏢 Internal Only: HIGH - Internal instances remain vulnerable to insider attackers and to compromised user accounts.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires understanding of JSON manipulation and DataHub's authentication flow, but no public exploit code is available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v0.10.0 and later

Vendor Advisory: https://github.com/datahub-project/datahub/security/advisories/GHSA-6rpf-5cfg-h8f3

Restart Required: Yes

Instructions:

1. Back up your DataHub instance.
2. Upgrade to DataHub v0.10.0 or later.
3. Restart all DataHub services.
4. Verify the upgrade was successful.

🧯 If You Can't Patch

  • Isolate DataHub instance from untrusted networks and internet access.
  • Implement strict network access controls and monitor for suspicious authentication attempts.

🔍 How to Verify

Check if Vulnerable:

Check DataHub version: if running version earlier than v0.10.0, the system is vulnerable.

Check Version:

Check the DataHub deployment configuration or, for Kubernetes deployments, run:

kubectl get pods -n datahub -o jsonpath='{.items[*].spec.containers[*].image}'

Verify Fix Applied:

Verify DataHub version is v0.10.0 or later and test authentication flows for expected behavior.
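The kubectl command above prints one image reference per container, and reading the tags by eye is error-prone once a namespace holds a dozen DataHub pods plus Kafka, Elasticsearch and other sidecars. The following script is an added example, not part of this advisory or of the DataHub project: it classifies each image as vulnerable (DataHub tag before v0.10.0), patched, unknown (floating tags such as `head` or `latest`, or digest-pinned images) or not-datahub, and reports an overall verdict. The image names in `SAMPLE_KUBECTL_OUTPUT` are constructed for the example; the `--live` flag runs the real command against the current kube context.

```python
import re
import subprocess
import sys

# Fixed version named in the advisory.
FIXED_VERSION = (0, 10, 0)

# Constructed sample of the kubectl jsonpath output: one whitespace-separated
# image reference per container. Names and tags are illustrative only.
SAMPLE_KUBECTL_OUTPUT = (
    "acryldata/datahub-gms:v0.9.6.1 "
    "acryldata/datahub-frontend-react:v0.9.6.1 "
    "acryldata/datahub-gms:v0.10.0 "
    "acryldata/datahub-mae-consumer:head "
    "confluentinc/cp-kafka:7.2.2 "
    "docker.elastic.co/elasticsearch/elasticsearch:7.10.1"
)

_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)")


def parse_version(tag):
    """Return (major, minor, patch) for tags such as 'v0.9.6.1' or '0.10.0';
    None for floating tags such as 'head' or 'latest' whose version is unknown."""
    m = _VERSION_RE.match(tag)
    if not m:
        return None
    return tuple(int(x) for x in m.groups())


def classify_image(image):
    """Classify one image reference as 'vulnerable', 'patched', 'unknown'
    or 'not-datahub' (sidecars such as Kafka or Elasticsearch)."""
    if "@" in image:                     # digest-pinned: no tag to reason about
        name, tag = image.split("@", 1)[0], ""
    else:
        name, sep, tag = image.rpartition(":")
        if not sep or "/" in tag:        # untagged, or the colon was a registry port
            name, tag = image, ""
    if "datahub" not in name.lower():
        return "not-datahub"
    version = parse_version(tag)
    if version is None:
        return "unknown"
    return "patched" if version >= FIXED_VERSION else "vulnerable"


def classify_images(output):
    """Map every image reference in the kubectl output to its classification."""
    return {img: classify_image(img) for img in output.split()}


def worst_case(output):
    """Overall verdict: 'vulnerable' if any DataHub container runs a version
    before v0.10.0, 'unknown' if any DataHub tag could not be resolved,
    otherwise 'patched'."""
    verdicts = set(classify_images(output).values()) - {"not-datahub"}
    if "vulnerable" in verdicts:
        return "vulnerable"
    if "unknown" in verdicts or not verdicts:
        return "unknown"
    return "patched"


if __name__ == "__main__":
    if "--live" in sys.argv:
        output = subprocess.run(
            ["kubectl", "get", "pods", "-n", "datahub", "-o",
             "jsonpath={.items[*].spec.containers[*].image}"],
            check=True, capture_output=True, text=True).stdout
    else:
        output = SAMPLE_KUBECTL_OUTPUT
    for image, verdict in classify_images(output).items():
        print(f"{verdict:12} {image}")
    print("overall:", worst_case(output))
```

An `unknown` verdict is not a pass: a `head` or `latest` tag has to be resolved to a concrete release (for example from the image labels or the running service's version endpoint) before the instance can be declared patched.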

📡 Detection & Monitoring

Log Indicators:

  • Unusual authentication patterns
  • Multiple failed login attempts followed by successful login from same IP
  • Account creation events from unexpected sources

Network Indicators:

  • Unusual JSON payloads in authentication requests
  • Multiple authentication requests with varying JSON structures

SIEM Query:

source="datahub" AND (event_type="authentication" OR event_type="account_creation") AND (payload CONTAINS "}" OR payload CONTAINS "{") | stats count by src_ip, user
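The SIEM query above is a broad baseline rather than a signature: the `payload CONTAINS "{"` condition matches practically every JSON request, so the useful part is the per-source aggregation it feeds. The two log indicators listed earlier are more specific, and the following added example (not part of this advisory or of DataHub) implements them over constructed JSON-lines audit events: a burst of failed logins from one source IP followed by a success within a short window, and account creation from a source outside an expected set. The field names (`event_type`, `outcome`, `src_ip`, `user`, `new_account`) and the thresholds are assumptions for the example; real DataHub logs need a field mapping.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit events (JSON lines); addresses use documentation ranges.
SAMPLE_LOG = """
{"ts": "2023-03-01T10:00:01Z", "event_type": "authentication", "outcome": "failure", "src_ip": "203.0.113.7", "user": "admin"}
{"ts": "2023-03-01T10:00:02Z", "event_type": "authentication", "outcome": "failure", "src_ip": "203.0.113.7", "user": "admin"}
{"ts": "2023-03-01T10:00:03Z", "event_type": "authentication", "outcome": "failure", "src_ip": "203.0.113.7", "user": "admin"}
{"ts": "2023-03-01T10:00:09Z", "event_type": "authentication", "outcome": "success", "src_ip": "203.0.113.7", "user": "admin"}
{"ts": "2023-03-01T10:00:15Z", "event_type": "account_creation", "src_ip": "203.0.113.7", "user": "admin", "new_account": "svc-backup"}
{"ts": "2023-03-01T10:05:00Z", "event_type": "authentication", "outcome": "failure", "src_ip": "10.0.0.5", "user": "alice"}
{"ts": "2023-03-01T10:05:30Z", "event_type": "authentication", "outcome": "success", "src_ip": "10.0.0.5", "user": "alice"}
{"ts": "2023-03-01T11:00:00Z", "event_type": "account_creation", "src_ip": "10.0.0.2", "user": "datahub-admin", "new_account": "bob"}
"""

# Tuning knobs (assumed values for the example).
FAILURE_THRESHOLD = 3                 # failed logins before a success that trigger an alert
WINDOW = timedelta(minutes=5)         # failures must precede the success within this window
TRUSTED_ADMIN_SOURCES = {"10.0.0.2"}  # hosts from which account creation is expected


def parse_events(text):
    """Parse JSON lines into dicts with a datetime 'ts', sorted by time."""
    events = []
    for line in text.strip().splitlines():
        e = json.loads(line)
        e["ts"] = datetime.strptime(e["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(e)
    return sorted(events, key=lambda e: e["ts"])


def brute_force_then_success(events):
    """Alert when at least FAILURE_THRESHOLD failures from one src_ip are
    followed, within WINDOW, by a successful authentication from that src_ip."""
    alerts = []
    failures = defaultdict(list)  # src_ip -> timestamps of recent failures
    for e in events:
        if e["event_type"] != "authentication":
            continue
        ip = e["src_ip"]
        recent = [t for t in failures[ip] if e["ts"] - t <= WINDOW]
        if e["outcome"] == "failure":
            recent.append(e["ts"])
        elif len(recent) >= FAILURE_THRESHOLD:
            alerts.append({"rule": "failed_logins_then_success", "src_ip": ip,
                           "user": e["user"], "failures": len(recent), "ts": e["ts"]})
            recent = []  # a success closes the sequence
        failures[ip] = recent
    return alerts


def unexpected_account_creation(events):
    """Alert on account creation from any source not in TRUSTED_ADMIN_SOURCES."""
    return [{"rule": "account_creation_unexpected_source", "src_ip": e["src_ip"],
             "user": e["user"], "new_account": e.get("new_account"), "ts": e["ts"]}
            for e in events
            if e["event_type"] == "account_creation"
            and e["src_ip"] not in TRUSTED_ADMIN_SOURCES]


def run_detections(text):
    """Run both rules over a JSON-lines log and return the combined alert list."""
    events = parse_events(text)
    return brute_force_then_success(events) + unexpected_account_creation(events)


if __name__ == "__main__":
    for alert in run_detections(SAMPLE_LOG):
        print(alert)
```

On the sample, the single failed attempt by alice stays below the threshold and the account created from the trusted admin host is not flagged, while the 203.0.113.7 sequence produces both alerts; correlating the two rules on `src_ip` is what turns a noisy login signal into the account-creation-after-bypass pattern the advisory describes.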
