The vulnerability CVE-2025-53047 in SpiceDB exists in the `WriteRelationships` API endpoint. This endpoint is responsible for writing relationship tuples that define permissions between objects and subjects. The flaw occurs when the number of updates in a single request exceeds a certain threshold, approximately 6500. Instead of rejecting the oversized payload with an error, the call fails silently: the server accepts the request and returns a success response to the client, but the supplied data is never persisted to the datastore. This is a critical data integrity issue, because the application and the user are led to believe the operation completed successfully when it did not.
Platform: SpiceDB
Version: <1.45.2
Vulnerability: Silent Failure
Severity: Low
Date: 2025-11-10
Prediction: Patch 2025-11-17
What Undercode Says:
Simulating a large batch write that may fail silently. `WriteRelationships` lives in `PermissionsService` (not `SchemaService`), and each update needs an `operation`; `-plaintext` is for a local server without TLS:

```shell
grpcurl -plaintext -d @ localhost:50051 authzed.api.v1.PermissionsService/WriteRelationships <<EOF
{
  "updates": [
    { "operation": "OPERATION_TOUCH",
      "relationship": {"resource":{"object_type":"doc","object_id":"1"},"relation":"viewer","subject":{"object":{"object_type":"user","object_id":"user1"}}} },
    ... Repeated 7000+ times ...
  ]
}
EOF
```

Checking server logs for any errors (none will be found for this issue; adjust the log path to your deployment):

```shell
grep -i "fail\|error" /var/log/spicedb.log
```

Workaround: starting SpiceDB with a lower, safer limit:

```shell
./spicedb serve --write-relationships-max-updates-per-call=1000
```
How It Is Exploited:
An attacker cannot directly gain code execution or elevate privileges. However, by sending a very large batch of relationship updates, they can cause a silent failure. This disrupts application logic that depends on those relationships being written, leading to inconsistent permissions and data access states without any visible error.
Protection from this CVE:
Upgrade to version 1.45.2 immediately. If an immediate upgrade is not possible, apply the workaround by starting the SpiceDB server with the flag `--write-relationships-max-updates-per-call=1000` to enforce a lower, safer limit that prevents the condition.
Impact:
Data integrity is compromised as relationship writes are lost. Application permission logic fails unpredictably, potentially granting or denying access incorrectly. No direct security breach occurs, but system reliability is severely undermined.
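As an added example (not code from the advisory or from the SpiceDB project), the following Python models the silent-failure behaviour described above and shows the client-side defence: keep each `WriteRelationships` call below the server's per-call limit and verify persistence by reading back. The in-memory `store`, the `vulnerable_write` simulation and the threshold constant are constructed assumptions for the demonstration.

```python
# Threshold above which the pre-1.45.2 server silently drops the write (approximate, from the advisory).
SILENT_FAILURE_THRESHOLD = 6500
# Conservative client-side cap, matching the advisory's workaround flag value.
MAX_UPDATES_PER_CALL = 1000


def make_update(doc_id, user_id):
    """Build one RelationshipUpdate dict in the JSON shape grpcurl sends to WriteRelationships."""
    return {
        "operation": "OPERATION_TOUCH",
        "relationship": {
            "resource": {"object_type": "doc", "object_id": str(doc_id)},
            "relation": "viewer",
            "subject": {"object": {"object_type": "user", "object_id": user_id}},
        },
    }


def chunk_updates(updates, max_per_call=MAX_UPDATES_PER_CALL):
    """Split a large update list into requests that each stay within the per-call limit."""
    return [{"updates": updates[i:i + max_per_call]} for i in range(0, len(updates), max_per_call)]


def tuple_key(update):
    """Canonical 'resource#relation@subject' string used to compare sent vs. stored tuples."""
    r = update["relationship"]
    subj = r["subject"]["object"]
    return (f'{r["resource"]["object_type"]}:{r["resource"]["object_id"]}#{r["relation"]}'
            f'@{subj["object_type"]}:{subj["object_id"]}')


def vulnerable_write(store, request):
    """Constructed model of the vulnerable server: an oversized request returns OK but persists nothing."""
    if len(request["updates"]) <= SILENT_FAILURE_THRESHOLD:
        store.update(tuple_key(u) for u in request["updates"])
    return {"status": "OK"}  # success is reported either way, which is the bug


def find_missing(updates, store):
    """Read-back verification: tuples the client sent that are absent from the store."""
    return sorted(k for k in {tuple_key(u) for u in updates} if k not in store)


def write_with_verification(updates, write_fn, store):
    """Defensive client path: chunk below the limit, then confirm every tuple landed."""
    for request in chunk_updates(updates):
        response = write_fn(store, request)
        if response.get("status") != "OK":
            raise RuntimeError(f"write rejected: {response}")
    return find_missing(updates, store)
```

Against a real server the read-back step would use `ReadRelationships` (or `CheckPermission`) at the ZedToken returned by the write, rather than an in-memory set.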
Sources:
Reported By: github.com