CVE-2025-4210 – Casdoor SCIM User Creation Endpoint Authorization Bypass Vulnerability

May 2, 2025

CVE ID : CVE-2025-4210

Published : May 2, 2025, 4:15 p.m. | 34 minutes ago

Description : A vulnerability classified as critical was found in Casdoor up to 1.811.0. This vulnerability affects the function HandleScim of the file controllers/scim.go of the component SCIM User Creation Endpoint. The manipulation leads to authorization bypass. The attack can be initiated remotely. Upgrading to version 1.812.0 is able to address this issue. The name of the patch is 3d12ac8dc2282369296c3386815c00a06c6a92fe. It is recommended to upgrade the affected component.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleGrand Theft Auto 6 has been DELAYED — will now miss 2025 launch window entirely

Next Article Microsoft Bing is stealing tens of millions of Google’s search users according to the latest data

Upwork Freelancers vs Dedicated React.js Teams: What’s Better for Your Project in 2025?

Is Agile dead in the age of AI?

Top 15 Enterprise Use Cases That Justify Hiring Node.js Developers in 2025

The Core Model: Start FROM The Answer, Not WITH The Solution

Finally, a sleek gaming laptop I can take to the office (without sacrificing power)

These jobs face the highest risk of AI takeover, according to Microsoft

Apple’s tariff costs and iPhone sales are soaring – how long until device prices are too?

5 ways to successfully integrate AI agents into your workplace

Enhancing Laravel Queries with Reusable Scope Patterns

Enhancing Laravel Queries with Reusable Scope Patterns

Everything We Know About Livewire 4

Everything We Know About Livewire 4

YouTube wants to use AI to treat “teens as teens and adults as adults” — with the most age-appropriate experiences and protections

YouTube wants to use AI to treat “teens as teens and adults as adults” — with the most age-appropriate experiences and protections

Sam Altman is afraid of OpenAI’s GPT-5 creation — “The Manhattan Project feels very fast, like there are no adults in the room”

9 new features that arrived on the Windows 11 Insider Program during the second half of July 2025

CVE-2025-4210 – Casdoor SCIM User Creation Endpoint Authorization Bypass Vulnerability

This month in security with Tony Anscombe – July 2025 edition

WordPress AI Engine Plugin Bug Allows Remote Code Execution – Update Now

CVE-2025-39410 – Themegusta Smart Sections Theme Builder – WPBakery Page Builder Addon Deserialization of Untrusted Data Vulnerability

This $400 Motorola stylus phone shouldn’t be this good, but I’m seriously impressed

Cloudflare announces remote MCP server to reduce barriers to creating AI agents

This Week in Laravel: NativePHP Mobile and AI Guidelines from Spatie

Rilasciato Archinstall 3.0.7: Il programma di installazione guidata di Arch Linux supporta le istantanee Btrfs

Windows 11 24H2’s new Start Menu auto-changes size based on screen resolution

LLMs Can Now Reason Beyond Language: Researchers Introduce Soft Thinking to Replace Discrete Tokens with Continuous Concept Embeddings

Microsoft wants to give Copilot a body that you can customize and connect with

CVE-2025-4210 – Casdoor SCIM User Creation Endpoint Authorization Bypass Vulnerability

Related Posts