CVE-2025-24353

5.0 MEDIUM

📋 TL;DR

This vulnerability in Directus allows users with typical permissions to specify arbitrary roles when sharing items, potentially granting access to fields they shouldn't see. It affects instances using the share feature with role hierarchies and field visibility restrictions. Only Directus versions before 11.2.0 are vulnerable.

💻 Affected Systems

Products:
  • Directus
Versions: All versions prior to 11.2.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects instances using the share feature with role hierarchies and field visibility restrictions.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Unauthorized users gain access to sensitive data fields by elevating their role permissions through shared items, potentially exposing confidential information.

🟠 Likely Case

Users with limited permissions can view data fields intended for higher-privileged roles, leading to information disclosure.

🟢 If Mitigated

With proper role-based access controls and monitoring, impact is limited to minor information leakage that can be quickly detected.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated user access and knowledge of the share feature.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 11.2.0

Vendor Advisory: https://github.com/directus/directus/security/advisories/GHSA-pmf4-v838-29hg

Restart Required: Yes

Instructions:

1. Back up your Directus instance and database.
2. Update Directus to version 11.2.0 or later.
3. Restart the Directus service.
4. Verify the update was successful.

🔧 Temporary Workarounds

Disable Share Feature

Applies to: all

Temporarily disable the share functionality until patching is possible.

Modify Directus configuration to disable sharing features.

Restrict Role Assignments

Applies to: all

Implement additional validation to prevent role escalation in share operations.

Add custom middleware to validate role permissions before sharing.

🧯 If You Can't Patch

  • Implement strict monitoring of share operations and role changes
  • Review and audit all existing shared items for unauthorized role assignments

🔍 How to Verify

Check if Vulnerable:

Check whether the Directus version is below 11.2.0 and whether the share feature is enabled together with role-based field restrictions.

Check Version:

Check the Directus admin interface or API for version information.

Verify Fix Applied:

Confirm Directus version is 11.2.0 or later and test that users cannot specify arbitrary roles when sharing items.

📡 Detection & Monitoring

Log Indicators:

  • Unusual share operations with role changes
  • Access to fields by users with insufficient permissions

Network Indicators:

  • API calls to share endpoints with role parameters

SIEM Query:

Search the activity logs for share operations where the role specified in the share differs from the sharing user's assigned role.
