CVE-2025-8795

6.3 MEDIUM

📋 TL;DR

This medium-severity vulnerability (CVSS 6.3) in LitmusChaos Litmus allows an attacker holding a valid account to bypass access controls through improper validation of the projectID parameter handled by the /auth/login endpoint. It is remotely exploitable and can grant access to projects the attacker is not a member of, or to administrative functions. All LitmusChaos Litmus releases up to and including 3.19.0 are affected.

💻 Affected Systems

Products:
  • LitmusChaos Litmus
Versions: up to 3.19.0
Operating Systems: All platforms running LitmusChaos
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments with the /auth/login endpoint accessible are vulnerable. The vulnerability specifically affects the projectID parameter handling.

📦 What is this software?

LitmusChaos (Litmus) is an open-source, CNCF-hosted chaos engineering platform for Kubernetes. Its ChaosCenter control plane consists of a web frontend, a GraphQL server and a separate auth server that manages users, projects and project membership; the /auth/ path is served by that auth server, which is the component this vulnerability concerns.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of the LitmusChaos platform, allowing attackers to manipulate chaos experiments, access sensitive project data, or gain administrative control over the system.

🟠

Likely Case

Unauthorized access to projects and chaos experiments, potentially allowing attackers to disrupt or manipulate chaos testing workflows.

🟢

If Mitigated

Limited impact with network segmentation and tightly controlled user accounts, though any account holder who can reach the endpoint can still attempt the access-control bypass until the platform is patched.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable and sits on the login path, so any deployment that exposes ChaosCenter to the internet is directly reachable by anyone who can obtain or register an account.
🏢 Internal Only: MEDIUM - Network placement limits who can reach the endpoint, but every internal user with an account can still cross project boundaries, so the access-control bypass remains significant on internal networks.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No (a valid, low-privileged Litmus account is required)
Complexity: MEDIUM

Exploit details have been publicly disclosed on GitHub and VulDB. Attack requires understanding of the LitmusChaos authentication flow but is documented.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 3.20.0 or later

Vendor Advisory: Not provided by vendor (vendor did not respond to disclosure)

Restart Required: Yes

Instructions:

1. Upgrade LitmusChaos Litmus to version 3.20.0 or later (for Helm installs, upgrade the chart so that the litmusportal-frontend, litmusportal-server and litmusportal-auth-server images all move to the fixed tag).
2. Restart all LitmusChaos components; a rolling restart of the ChaosCenter deployments is sufficient.
3. Verify the fix: with a low-privileged account, confirm that a login request carrying the projectID of a project that account is not a member of is rejected.

🔧 Temporary Workarounds

Network Access Restriction (applies to: all platforms)

Restrict network access to the /auth/login endpoint, and preferably to the whole /auth/ path served by the auth server, to trusted IP addresses only.

Use firewall rules, an ingress allow-list or a network policy to limit who can reach the ChaosCenter authentication endpoints.

Authentication Proxy (applies to: all platforms)

Place a reverse proxy (nginx, Apache or an ingress controller) in front of ChaosCenter that rejects /auth/login requests whose projectID does not match the identifier format the platform issues, and rate-limits the endpoint per source address.

Caveat: a proxy does not know which projects a user is a member of, so it can only enforce format and rate checks; it reduces exposure but does not replace the server-side authorization fix.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate LitmusChaos from untrusted networks and minimise the set of users who hold accounts
  • Deploy a Web Application Firewall (WAF) with rules that reject malformed projectID values on /auth/login and rate-limit repeated requests from one source that cycle through different projectIDs

🔍 How to Verify

Check if Vulnerable:

Check whether your LitmusChaos version is 3.19.0 or earlier. To confirm the behaviour, log in with a low-privileged test account and submit a login request whose projectID belongs to a project that account is not a member of; if the platform grants access to that project, the deployment is vulnerable.

Check Version:

kubectl get deployments -n litmus -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.spec.template.spec.containers[*].image}{"\n"}{end}'

The tags of the litmusportal-* container images carry the release version (substitute your namespace if ChaosCenter is not installed in litmus). Alternatively, check the LitmusChaos UI/API for version information.
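The following script is an added example, not code from the advisory or from the Litmus project. It takes the jsonpath output of the kubectl command above and reports which Litmus portal deployments are in the affected range. It assumes the fixed version named on this page (3.20.0), that release tags are plain semantic versions, and that the images follow the upstream litmuschaos/litmusportal-* naming; the sample kubectl output is constructed for illustration.

```python
"""Classify Litmus deployments as affected by CVE-2025-8795 from their image tags.

Added example; assumptions (not from the advisory): fixed release is 3.20.0,
tags are semantic versions, images are named litmuschaos/litmusportal-*.
"""
import re
from typing import List, Optional, Tuple

FIXED_IN = (3, 20, 0)  # first fixed release named on the advisory page

# Constructed sample of:
#   kubectl get deployments -n litmus -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.spec.template.spec.containers[*].image}{"\n"}{end}'
SAMPLE_KUBECTL_OUTPUT = """\
chaos-litmus-auth-server\tlitmuschaos/litmusportal-auth-server:3.19.0
chaos-litmus-server\tlitmuschaos/litmusportal-server:3.19.0
chaos-litmus-frontend\tlitmuschaos/litmusportal-frontend:3.19.0
chaos-mongodb\tbitnami/mongodb:6.0.13-debian-11-r0
"""

_TAG_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)")


def parse_version(tag: str) -> Optional[Tuple[int, int, int]]:
    """Return (major, minor, patch) from a release tag, or None for tags like 'latest'."""
    m = _TAG_RE.match(tag)
    return (int(m.group(1)), int(m.group(2)), int(m.group(3))) if m else None


def is_vulnerable(tag: str) -> Optional[bool]:
    """True for affected versions (<= 3.19.0), False for fixed ones, None when undecidable."""
    v = parse_version(tag)
    if v is None:
        return None
    return v < FIXED_IN


def parse_kubectl(text: str) -> List[Tuple[str, str]]:
    """Split the jsonpath output into (deployment, image) pairs; a pod may list several images."""
    pairs = []
    for line in text.splitlines():
        if not line.strip():
            continue
        name, _, images = line.partition("\t")
        for image in images.split():
            pairs.append((name, image))
    return pairs


def split_image(image: str) -> Tuple[str, str]:
    """Return (repository, tag); tag is '' when absent or when the image is digest-pinned."""
    repo, _, tag = image.rpartition(":")
    if not _ or "/" in tag:          # no colon, or the colon belonged to a registry port
        return image, ""
    if "@" in repo:                  # repo@sha256:... -> digest, not a version tag
        return image, ""
    return repo, tag


def litmus_findings(text: str) -> List[Tuple[str, str, Optional[bool]]]:
    """Return (deployment, image, vulnerable?) for every Litmus portal image in the output."""
    findings = []
    for name, image in parse_kubectl(text):
        repo, tag = split_image(image)
        if "litmusportal-" not in repo:   # skip MongoDB and other non-Litmus containers
            continue
        findings.append((name, image, is_vulnerable(tag)))
    return findings


if __name__ == "__main__":
    for name, image, vuln in litmus_findings(SAMPLE_KUBECTL_OUTPUT):
        state = {True: "VULNERABLE", False: "fixed", None: "unknown tag, inspect manually"}[vuln]
        print(f"{name:28} {image:52} {state}")
```

Digest-pinned or `latest`-tagged images are reported as unknown rather than guessed at; resolve those by checking the running container's version in the UI.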

Verify Fix Applied:

After upgrading to 3.20.0+, test that projectID manipulation no longer allows unauthorized access. Verify proper access controls are enforced.

📡 Detection & Monitoring

Log Indicators:

  • Unusual authentication attempts with manipulated projectID values
  • Failed login attempts followed by successful access from same IP
  • Access to projects from unauthorized users

Network Indicators:

  • HTTP requests to /auth/login carrying a projectID that does not match the identifier format the platform issues
  • Several different projectID values sent to /auth/login from one source address within a short window (project enumeration)

SIEM Query:

Template in Splunk SPL; the original query referenced a field no log source provides, so this version derives projectID from the query string and flags sources that cycle through several project identifiers. Adapt the field names (uri_path, uri_query, src_ip, status) to your log source.

source="litmus*" uri_path="/auth/login" | rex field=uri_query "projectID=(?<projectID>[^&]+)" | stats dc(projectID) AS distinct_projects, values(status) AS statuses, count BY src_ip | where distinct_projects > 3
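As an added example (not the advisory's or the Litmus project's own code), the log and network indicators listed above and the SIEM query can be run offline over reverse-proxy access logs. The script assumes, without support from the advisory itself, that a proxy in front of ChaosCenter logs in nginx/Apache combined format with the query string intact, that projectID arrives as a query parameter, and that Litmus project identifiers are UUIDs; the log lines are constructed, not captured traffic.

```python
"""Run the CVE-2025-8795 log indicators over proxy access logs.

Added example. Assumptions not taken from the advisory: combined-format access
log with query string, projectID as a query parameter, UUID-shaped project IDs.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import List, Optional
from urllib.parse import parse_qs, urlsplit

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
UUID_RE = re.compile(r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$", re.I)
ENUM_THRESHOLD = 3              # distinct projectIDs from one IP ...
WINDOW = timedelta(minutes=5)   # ... inside this window counts as enumeration

# Constructed sample log lines (not real traffic). 203.0.113.10 fails twice,
# then succeeds with a malformed projectID, then tries a fourth project.
SAMPLE_LOG = """\
198.51.100.7 - - [02/Sep/2025:09:00:01 +0000] "POST /auth/login?projectID=6f1c2a4e-3b7d-4c8e-9a0f-1b2c3d4e5f60 HTTP/1.1" 200 512
203.0.113.10 - - [02/Sep/2025:09:01:10 +0000] "POST /auth/login?projectID=6f1c2a4e-3b7d-4c8e-9a0f-1b2c3d4e5f60 HTTP/1.1" 401 87
203.0.113.10 - - [02/Sep/2025:09:01:12 +0000] "POST /auth/login?projectID=0a1b2c3d-4e5f-4a6b-8c7d-9e0f1a2b3c4d HTTP/1.1" 401 87
203.0.113.10 - - [02/Sep/2025:09:01:15 +0000] "POST /auth/login?projectID=1 HTTP/1.1" 200 512
203.0.113.10 - - [02/Sep/2025:09:01:20 +0000] "POST /auth/login?projectID=deadbeef-0000-4000-8000-000000000001 HTTP/1.1" 200 512
198.51.100.7 - - [02/Sep/2025:09:02:00 +0000] "POST /api/query HTTP/1.1" 200 300
"""


def parse_line(line: str) -> Optional[dict]:
    """Parse one combined-format line; return None unless it is a /auth/login request."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    if url.path != "/auth/login":
        return None
    project_id = parse_qs(url.query).get("projectID", [None])[0]
    return {
        "ip": m["ip"],
        "ts": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"),
        "status": int(m["status"]),
        "projectID": project_id,
    }


def detect(log_text: str) -> List[str]:
    """Return one alert string per indicator hit (malformed ID, enumeration, fail-then-success)."""
    events = [e for e in (parse_line(l) for l in log_text.splitlines()) if e]
    alerts: List[str] = []
    per_ip = defaultdict(list)
    for e in events:
        per_ip[e["ip"]].append(e)
        # Indicator 1: projectID present but not shaped like a platform-issued UUID
        if e["projectID"] is not None and not UUID_RE.match(e["projectID"]):
            alerts.append(f"malformed projectID {e['projectID']!r} from {e['ip']}")
    for ip, evs in per_ip.items():
        evs.sort(key=lambda x: x["ts"])
        # Indicator 2: many distinct projectIDs from one source inside WINDOW
        for i, e in enumerate(evs):
            ids = {x["projectID"] for x in evs[i:] if x["ts"] - e["ts"] <= WINDOW and x["projectID"]}
            if len(ids) >= ENUM_THRESHOLD:
                alerts.append(f"{ip} tried {len(ids)} distinct projectIDs within {WINDOW}")
                break
        # Indicator 3: failed logins followed by a success from the same source
        failed = 0
        for e in evs:
            if e["status"] == 401:
                failed += 1
            elif e["status"] == 200 and failed:
                alerts.append(f"{ip}: {failed} failed login(s) then success with projectID {e['projectID']}")
                failed = 0
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

If projectID is sent in a JSON body rather than the query string, the proxy log will not contain it; in that case capture the auth server's own request logging or a body-logging rule at the proxy, and feed those records to the same checks.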
