CVE-2025-4210— Casdoor SCIM User Creation Endpoint scim.go HandleScim authorization

CVSS 7.3 · High EPSS 2.93% · P87 Updated May 03, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-4210

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Casdoor SCIM User Creation Endpoint scim.go HandleScim authorization

Source: NVD (National Vulnerability Database)

Vulnerability Description

A vulnerability classified as critical was found in Casdoor up to 1.811.0. This vulnerability affects the function HandleScim of the file controllers/scim.go of the component SCIM User Creation Endpoint. The manipulation leads to authorization bypass. The attack can be initiated remotely. Upgrading to version 1.812.0 is able to address this issue. The name of the patch is 3d12ac8dc2282369296c3386815c00a06c6a92fe. It is recommended to upgrade the affected component.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Source: NVD (National Vulnerability Database)

Vulnerability Type

通过用户控制密钥绕过授权机制

Source: NVD (National Vulnerability Database)

Vulnerability Title

Casdoor 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Casdoor是Casdoor开源的一个支持多种身份验证和授权协议的开源平台。 Casdoor 1.811.0及之前版本存在安全漏洞，该漏洞源于授权绕过，可能导致未经授权的访问。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	Casdoor	1.811	-

II. Public POCs for CVE-2025-4210

#	POC Description	Source Link	Shenlong Link
1	Casdoor up to 1.811.0 contains an authorization bypass caused by manipulation in HandleScim function in controllers/scim.go, letting remote attackers bypass authorization, exploit requires remote access.	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-4210.yaml	POC Details

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2025-4210

请登录查看更多情报信息。

feat: improve HandleScim() · casdoor/casdoor@3d12ac8 · GitHubpatch
Release v1.812.0 · casdoor/casdoor · GitHubpatch
Submit #556201: Casbin Casdoor v1.430.0-v1.812.0 Authorization Bypassthird-party-advisory
CVE-2025-4210 Casdoor SCIM User Creation Endpoint scim.go HandleScim authorizationvdb-entrytechnical-description
https://nvd.nist.gov/vuln/detail/CVE-2025-4210

Same Patch Batch · n/a · 2025-05-02 · 6 CVEs total

CVE-2025-44877		Tenda AC9 安全漏洞
CVE-2025-44872		Tenda AC9 安全漏洞
CVE-2025-44868		WAVLINK WL-WN530H4 安全漏洞
CVE-2025-45800		TOTOLINK A950RG 安全漏洞
CVE-2024-55069		FFmpeg 安全漏洞

IV. Related Vulnerabilities

Same product: Casdoor

Same vendor: n/a

Same weakness: CWE-639

V. Comments for CVE-2025-4210

Anonymous User

2026-01-15 06:08:29

Zaproxy alias impedit expedita quisquam pariatur exercitationem. Nemo rerum eveniet dolores rem quia dignissimos.

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2025-4210— Casdoor SCIM User Creation Endpoint scim.go HandleScim authorization

I. Basic Information for CVE-2025-4210

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2025-4210

III. Intelligence Information for CVE-2025-4210

Same Patch Batch · n/a · 2025-05-02 · 6 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2025-4210

Anonymous User

Leave a comment