OpenFGA Improper Policy Enforcement

Affected Versions

github.com/openfga/openfga (Go): >= 1.4.0 = 0.1.34 = 1.4.0 <= 1.11.0

Severity

Severity Score: Moderate (5.8/10)

Description

Overview

OpenFGA versions v1.4.0 to v1.11.0 (including relevant Helm and Docker versions) are vulnerable to improper policy enforcement when specific Check and ListObject calls are executed.

Am I Affected?

You are affected if all of the following conditions apply:

- Using OpenFGA versions v1.4.0 to v1.11.0
- Your model includes a relation that is directly assignable using with
- The relation is not assignable by a type bound public access without a condition
- Your type is assigned for the same relation through a type bound public access without condition

Fix

Upgrade to version v1.11.1. This upgrade is backwards compatible.

Workaround

None

CVSS Metrics

- Attack Vector: Network
- Attack Complexity: Low
- Attack Requirements: Present
- Privileges Required: Low
- User Interaction: None
- Vulnerable System Impact: None (Confidentiality, Integrity, Availability)
- Subsequent System Impact: High (Confidentiality, Integrity, Availability)

CVE ID

CVE-2025-64751

Weaknesses

No Common Weakness Enumerations (CWEs) listed.