CVE-2025-4210 – Casdoor SCIM User Creation Endpoint Authorization Bypass Vulnerability

May 2, 2025

CVE ID : CVE-2025-4210

Published : May 2, 2025, 4:15 p.m. | 34 minutes ago

Description : A vulnerability classified as critical was found in Casdoor up to 1.811.0. This vulnerability affects the function HandleScim of the file controllers/scim.go of the component SCIM User Creation Endpoint. The manipulation leads to authorization bypass. The attack can be initiated remotely. Upgrading to version 1.812.0 is able to address this issue. The name of the patch is 3d12ac8dc2282369296c3386815c00a06c6a92fe. It is recommended to upgrade the affected component.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleGrand Theft Auto 6 has been DELAYED — will now miss 2025 launch window entirely

Next Article Microsoft Bing is stealing tens of millions of Google’s search users according to the latest data

Upwork Freelancers vs Dedicated React.js Teams: What’s Better for Your Project in 2025?

Is Agile dead in the age of AI?

Top 15 Enterprise Use Cases That Justify Hiring Node.js Developers in 2025

The Core Model: Start FROM The Answer, Not WITH The Solution

Finally, a sleek gaming laptop I can take to the office (without sacrificing power)

These jobs face the highest risk of AI takeover, according to Microsoft

Apple’s tariff costs and iPhone sales are soaring – how long until device prices are too?

5 ways to successfully integrate AI agents into your workplace

Enhancing Laravel Queries with Reusable Scope Patterns

Enhancing Laravel Queries with Reusable Scope Patterns

Everything We Know About Livewire 4

Everything We Know About Livewire 4

YouTube wants to use AI to treat “teens as teens and adults as adults” — with the most age-appropriate experiences and protections

YouTube wants to use AI to treat “teens as teens and adults as adults” — with the most age-appropriate experiences and protections

Sam Altman is afraid of OpenAI’s GPT-5 creation — “The Manhattan Project feels very fast, like there are no adults in the room”

9 new features that arrived on the Windows 11 Insider Program during the second half of July 2025

CVE-2025-4210 – Casdoor SCIM User Creation Endpoint Authorization Bypass Vulnerability

This month in security with Tony Anscombe – July 2025 edition

WordPress AI Engine Plugin Bug Allows Remote Code Execution – Update Now

CVE-2025-4073 – PHPGurukul Student Record System SQL Injection Vulnerability

Xenia team shuts down rumors of Xbox partnership for PC emulation

Will using a VPN help protect you from malware or ransomware?

Gaining the Edge: How to Leverage Blockchain for a Competitive Advantage 🚀🔗

Exploits for unauthenticated FortiWeb RCE are public, so patch quickly! (CVE-2025-25257)

CVE-2025-6675 – Drupal Enterprise MFA – TFA Authentication Bypass

CVE-2025-5649 – SourceCodester Student Result Management System Remote Access Control Bypass

CVE-2024-11584 – Cloud-init systemd Socket Unit Permission Vulnerability

CVE-2025-4210 – Casdoor SCIM User Creation Endpoint Authorization Bypass Vulnerability

Related Posts