Resource exhaustion in Authzed Spicedb

CVE-2025-64529

SpiceDB is an open source database system for creating and managing security-critical application permissions. In versions prior to 1.45.2, users who use the exclusion operator somewhere in their authorization schema; have configured their…

EPSS: 0.001 (23.3th percentile) — read the EPSS interpretation.

Affected products

Authzed Spicedb — versions < 1.45.2

Weakness classification (CWE)

CWE-770 — Allocation of Resources Without Limits or Throttling

References

https://github.com/authzed/spicedb/security/advisories/GHSA-pm3x-jrhh-qcr7 (x_refsource_CONFIRM)