Vulnerability in Authzed Spicedb

CVE-2025-65111

SpiceDB is an open source database system for creating and managing security-critical application permissions. Prior to version 1.47.1, if a schema includes the following characteristics: permission defined in terms of a union (+) and that…

EPSS: 0.001 (16.9th percentile) — read the EPSS interpretation.

Affected products

Authzed Spicedb — versions < 1.47.1

Weakness classification (CWE)

CWE-277 — Insecure Inherited Permissions

References

https://github.com/authzed/spicedb/security/advisories/GHSA-9m7r-g8hg-x3vr (x_refsource_CONFIRM)
https://github.com/authzed/spicedb/commit/8c2edbe1e7bd3851fa2138f4cc344bfde986dcf2 (x_refsource_MISC)