CVE-2025-8794

5.3 MEDIUM

📋 TL;DR

This vulnerability in LitmusChaos Litmus allows local attackers to bypass authorization by manipulating the projectID argument in the LocalStorage Handler component. It affects LitmusChaos Litmus versions up to 3.19.0. Attackers need local access to exploit this vulnerability.

💻 Affected Systems

Products:
  • LitmusChaos Litmus
Versions: up to 3.19.0
Operating Systems: All platforms running LitmusChaos
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments with LocalStorage Handler component are affected. Requires local access to the system running LitmusChaos.


⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker with local access could gain unauthorized access to project resources, potentially modifying or deleting chaos experiments, configurations, or sensitive project data.

🟠 Likely Case

Local users could access projects they should not have permission to view, potentially exposing sensitive chaos testing configurations or results.

🟢 If Mitigated

With proper network segmentation and local access controls, impact is limited to authorized local users only.

🌐 Internet-Facing: LOW - Requires local access, cannot be exploited remotely.
🏢 Internal Only: MEDIUM - Internal users with local access could exploit this to bypass project-level authorization controls.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit details are publicly disclosed. Requires local access and some knowledge of the system.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.20.0 or later

Vendor Advisory: https://github.com/litmuschaos/litmus

Restart Required: Yes

Instructions:

1. Upgrade LitmusChaos to version 3.20.0 or later.
2. Restart all LitmusChaos components.
3. Verify the upgrade was successful.

🔧 Temporary Workarounds

Restrict Local Access (applies to: all)

Limit local access to LitmusChaos systems to authorized personnel only.

Network Segmentation (applies to: all)

Isolate LitmusChaos systems from general user networks.

🧯 If You Can't Patch

  • Implement strict access controls to limit who has local access to LitmusChaos systems
  • Monitor for unauthorized access attempts to LocalStorage Handler component

🔍 How to Verify

Check if Vulnerable:

Any LitmusChaos component running an image tagged 3.19.0 or earlier is affected. List the running image tags with the command under Check Version and compare them against 3.20.0.

Check Version:

kubectl get pods -n litmus -o jsonpath='{.items[*].spec.containers[*].image}' | grep -o 'litmuschaos/[a-z-]*:[0-9.]*'

(The grep pattern matches every litmuschaos/* image, since the control plane runs as several separate images; adjust `-n litmus` if LitmusChaos is installed in a different namespace.)

Verify Fix Applied:

Re-run the same command and confirm that every LitmusChaos image is tagged 3.20.0 or later, then confirm that project-level authorization checks behave as expected.
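As an added example (not part of this advisory or of the Litmus project), the following POSIX shell script takes the space-separated image list printed by the kubectl command above and flags any litmuschaos/* image whose tag is below 3.20.0; the sample image list it runs on is constructed, and the real command is shown in a comment.

```shell
#!/bin/sh
# Added example, not from the advisory or the Litmus project: scan the
# image list printed by the kubectl jsonpath command and flag any
# litmuschaos/* image whose tag is below the fixed version 3.20.0.
# The sample image list near the end is constructed, not real cluster data.

FIXED_VERSION="3.20.0"

# Return 0 when dotted version $1 is strictly lower than $2 (numeric per field).
version_lt() {
  [ "$1" = "$2" ] && return 1
  [ "$(printf '%s\n%s\n' "$1" "$2" | sort -t. -k1,1n -k2,2n -k3,3n | head -n1)" = "$1" ]
}

# Read space-separated image references on stdin, print "<image> <tag> <status>"
# for each litmuschaos image, and return 1 if any of them is still vulnerable.
check_litmus_images() {
  rc=0
  for image in $(tr ' ' '\n' | grep 'litmuschaos/'); do
    tag=${image##*:}
    name=${image%:*}
    case "$tag" in
      [0-9]*.[0-9]*.[0-9]*) ;;                  # plain x.y.z tag
      *) printf '%s %s UNKNOWN-TAG\n' "$name" "$tag"; continue ;;
    esac
    if version_lt "$tag" "$FIXED_VERSION"; then
      printf '%s %s VULNERABLE\n' "$name" "$tag"
      rc=1
    else
      printf '%s %s FIXED\n' "$name" "$tag"
    fi
  done
  return $rc
}

# Constructed sample of the kubectl output for a half-upgraded deployment.
SAMPLE_IMAGES='litmuschaos/litmusportal-frontend:3.20.0 litmuschaos/litmusportal-server:3.19.0 mongo:6.0'

# Real usage:
#   kubectl get pods -n litmus -o jsonpath='{.items[*].spec.containers[*].image}' | check_litmus_images
printf '%s' "$SAMPLE_IMAGES" | check_litmus_images || echo "at least one component still needs the 3.20.0 upgrade"
```

The non-zero exit status makes the check usable as a gate in a CI or compliance job.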

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized access attempts to LocalStorage Handler
  • Failed authorization checks for projectID manipulation

Network Indicators:

  • Local connections to LitmusChaos API with suspicious projectID parameters

SIEM Query:

source="litmus" AND ("LocalStorage Handler" OR "projectID") AND ("unauthorized" OR "access denied")
