Privilege escalation in Janssenproject Jans

CVE-2025-53003

The Janssen Project is an open-source identity and access management (IAM) platform. Prior to version 1.8.0, the Config API returns results without scope verification. This has a large internal surface attack area that exposes all sorts of…

Vulnerability class: Information Disclosure

EPSS: 0.003 (26.4th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

References