CVE-2025-57815

6.5 MEDIUM

📋 TL;DR

Fides Admin UI login endpoint lacks specific anti-automation controls, allowing attackers to conduct credential testing attacks like brute-force, credential stuffing, or password spraying. This affects Fides Open Source users and potentially Fides Enterprise users not using SSO. Attackers could compromise accounts with weak or previously breached passwords.

💻 Affected Systems

Products:
  • Fides
Versions: All versions prior to 2.69.1
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Fides Open Source users are fully vulnerable. Fides Enterprise users can mitigate by enabling OIDC SSO.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers gain administrative access to the Fides platform, potentially exposing sensitive privacy data, modifying configurations, or disrupting operations.

🟠 Likely Case

Attackers compromise user accounts with weak or reused passwords, gaining unauthorized access to privacy-related data and functionality.

🟢 If Mitigated

With proper rate limiting and SSO, attack success is significantly reduced, limiting impact to isolated account compromises.

🌐 Internet-Facing: HIGH - Login endpoints exposed to the internet are directly vulnerable to automated attacks.
🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could still exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires basic automation tools but no special technical skills. Attackers need valid usernames to target.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.69.1

Vendor Advisory: https://github.com/ethyca/fides/security/advisories/GHSA-7q62-r88r-j5gw

Restart Required: No

Instructions:

1. Backup your Fides configuration and data.
2. Update Fides to version 2.69.1 or later using your deployment method (Docker, Kubernetes, etc.).
3. Verify the update completed successfully.

🔧 Temporary Workarounds

Enable OIDC SSO (Enterprise Only)

all

Configure Single Sign-On through an OIDC provider (Azure, Google, Okta) and disable username/password authentication entirely.

Implement Web Application Firewall Rules

all

Configure WAF rules to enforce stricter rate limiting on login endpoints and block suspicious IPs.

🧯 If You Can't Patch

  • Implement network-level rate limiting or IP blocking for login endpoints
  • Enforce strong password policies and multi-factor authentication if available

🔍 How to Verify

Check if Vulnerable:

Check whether the Fides version is below 2.69.1 and whether the login endpoint lacks anti-automation controls.

Check Version:

Check the Fides version in the Admin UI or via the API endpoint /api/v1/version.

Verify Fix Applied:

Confirm the Fides version is 2.69.1 or later and test that the login endpoint now enforces rate limiting.

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed login attempts from single IP
  • Unusual login patterns or timing

Network Indicators:

  • High volume of POST requests to /api/v1/login
  • Traffic from known malicious IPs to login endpoint

SIEM Query:

source="fides" action="login" result="failure" | stats count by src_ip | where count > 10
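An added example, not taken from the advisory or from the Fides project, that applies the log indicator above to constructed, Fides-style access log lines using the same per-source-IP threshold as the SIEM query, and also checks a reported version against 2.69.1 as described under How to Verify. The log line layout (ip, method, path, status) and the assumption that a failed login returns a 4xx status are mine.

```python
# Added example (not from the advisory or Fides): flag source IPs with more than
# THRESHOLD failed POSTs to the login endpoint, and compare a version to 2.69.1.
import re
from collections import Counter
from typing import Dict, List, Tuple

FIXED_VERSION = (2, 69, 1)          # first fixed release per the advisory
LOGIN_PATH = "/api/v1/login"        # login endpoint named in the advisory
THRESHOLD = 10                      # same cut-off as the SIEM query (count > 10)

# Assumed (constructed) log format: "<ip> <method> <path> <status>" per line.
LINE_RE = re.compile(r"^(?P<ip>\S+) (?P<method>[A-Z]+) (?P<path>\S+) (?P<status>\d{3})$")

def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '2.69.1' (or 'v2.70.0') into a comparable tuple of ints."""
    return tuple(int(p) for p in v.lstrip("v").split("."))

def is_vulnerable(version: str) -> bool:
    """All versions prior to 2.69.1 are affected."""
    return parse_version(version) < FIXED_VERSION

def failed_logins_by_ip(lines: List[str]) -> Dict[str, int]:
    """Count POST /api/v1/login responses with a 4xx status per source IP."""
    counts: Counter = Counter()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed format
        if m["method"] == "POST" and m["path"] == LOGIN_PATH and m["status"].startswith("4"):
            counts[m["ip"]] += 1
    return dict(counts)

def suspicious_ips(lines: List[str], threshold: int = THRESHOLD) -> List[str]:
    """Source IPs whose failed login count exceeds the threshold, sorted."""
    return sorted(ip for ip, n in failed_logins_by_ip(lines).items() if n > threshold)

# Constructed sample: 12 failures from 203.0.113.7, 2 failures and one success
# from 198.51.100.4, plus an unrelated version request that must not be counted.
SAMPLE_LOG = (
    [f"203.0.113.7 POST {LOGIN_PATH} 401" for _ in range(12)]
    + [f"198.51.100.4 POST {LOGIN_PATH} 401"] * 2
    + [f"198.51.100.4 POST {LOGIN_PATH} 200", "203.0.113.7 GET /api/v1/version 200"]
)

if __name__ == "__main__":
    print(suspicious_ips(SAMPLE_LOG))                        # ['203.0.113.7']
    print(is_vulnerable("2.68.0"), is_vulnerable("2.69.1"))  # True False
```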

🔗 References
