How the CVE works:
CVE-2025-24353 in Directus is an access control flaw in the item sharing feature. When an authorized user generates a share link for a database item, the application lets that user specify any arbitrary role for the share, bypassing the intended role-based permissions. As a result, a user with a low-privilege role can create a share link that carries a high-privilege role, and anyone who opens that link sees fields and data that should be restricted, which amounts to privilege escalation and unauthorized information disclosure. The core issue is that the application fails to validate whether the user initiating the share actually has the rights to assign the chosen role.
Platform: Directus
Version: < 11.2.0
Vulnerability: Privilege Escalation
Severity: Critical
Date: 2025-01-23
Prediction: Patch Available
What Undercode Says:
`curl -X GET "https://api.example.com/items/collection/1?fields=*"`
`directus share:create --item 123 --role Administrator`
`SELECT * FROM directus_shares WHERE role != user_role;`
How the Exploit Works:
An attacker with a low-privilege account creates a share link for a sensitive item and assigns a high-privilege role (e.g., Administrator) to the share. The generated link grants any visitor the permissions of the assigned role, revealing hidden data fields when accessed.
Protection from this CVE:
Upgrade to v11.2.0. Disable public shares. Implement strict role validation. Review share audit logs.
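The missing check described above, and the "strict role validation" and "review share audit logs" advice, as an added illustration that is not Directus code: a share-creation function without the check beside a hardened one, plus an audit pass over existing share records. The role ranking, user records and share records are constructed for the example; Directus itself models privilege through policies and permissions rather than a simple rank.

```javascript
// Constructed privilege ranking (assumption, not Directus's real model).
const ROLE_RANK = { Public: 0, Viewer: 1, Editor: 2, Administrator: 3 };

// Constructed users standing in for directus_users rows.
const USERS = {
  u1: { id: "u1", role: "Viewer" },
  u2: { id: "u2", role: "Administrator" },
};

// Vulnerable behaviour: the requested role is stored as-is, with no check
// against what the requesting user is allowed to assign.
function createShareVulnerable(requester, req) {
  return { item: req.item, role: req.role, user_created: requester.id };
}

// Hardened behaviour: reject unknown roles and any role that outranks the
// creator, so a share can never grant more than its creator already holds.
function createShareHardened(requester, req) {
  if (!(req.role in ROLE_RANK)) {
    throw new Error(`unknown role: ${req.role}`);
  }
  if (ROLE_RANK[req.role] > ROLE_RANK[requester.role]) {
    throw new Error(`forbidden: ${requester.role} may not assign ${req.role}`);
  }
  return { item: req.item, role: req.role, user_created: requester.id };
}

// Audit helper for existing share records: flag shares whose role outranks
// the role of the user who created them (or whose creator is unknown).
function findEscalatedShares(shares, users) {
  return shares.filter((s) => {
    const creator = users[s.user_created];
    return !creator || ROLE_RANK[s.role] > ROLE_RANK[creator.role];
  });
}

module.exports = { ROLE_RANK, USERS, createShareVulnerable, createShareHardened, findEscalatedShares };
```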
Impact:
Unauthorized data access. Information disclosure. Bypass of security controls.
Sources:
Reported By: nvd.nist.gov
Extra Source Hub: Undercode