Privilege escalation in Janssenproject Jans
CVE-2025-53003
The Janssen Project is an open-source identity and access management (IAM) platform. Prior to version 1.8.0, the Config API returns results without scope verification. This has a large internal surface attack area that exposes all sorts of…
Vulnerability class: Information Disclosure
EPSS: 0.003 (26.4th percentile) — read the EPSS interpretation.
Affected products
- Janssenproject Jans — versions < 1.8.0
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)
- security-advisories@github.com (x_refsource_MISC)
- security-advisories@github.com (x_refsource_MISC)
- security-advisories@github.com (x_refsource_MISC)