Apache Cassandra Vulnerability Lets Attackers Gain Access to Data Centers Remotely


Feb 5, 2025 - 02:34

A new security vulnerability, identified as CVE-2025-24860, has been disclosed in Apache Cassandra, a widely used distributed database system.

The flaw is an authorization bypass: when a cluster uses one of the affected authorizers, a role whose connections are restricted to particular data centers or IP/CIDR groups can reach data centers or CIDR groups it was never granted.

The bypass requires an authenticated role, not an anonymous remote attacker: a role with restricted network access can widen its own permissions through data control language (DCL) statements. Clusters left on the default AllowAllNetworkAuthorizer (and, on 5.0, AllowAllCIDRAuthorizer) enforce no network restriction and so have nothing to bypass. Operators are advised to review their access rules for changes they did not make and to upgrade to the patched versions 4.0.16, 4.1.8 or 5.0.3.

The vulnerability impacts the following versions of Apache Cassandra:

  • 4.0.0 through 4.0.15
  • 4.1.0 through 4.1.7
  • 5.0.0 through 5.0.2

The root cause is an Incorrect Authorization weakness in CassandraNetworkAuthorizer and CassandraCIDRAuthorizer. These authorizers restrict a role's connections to specific data centers or to named IP/CIDR groups, and the restrictions are themselves set on the role through DCL (the ACCESS TO DATACENTERS and ACCESS FROM CIDRS clauses of CREATE ROLE and ALTER ROLE). The CIDR authorizer was introduced in 5.0, which is why only the 5.0 line is listed for it.

Because of this flaw, a role with restricted access can bypass these controls by updating its own permissions through data control language (DCL) statements, widening its own data-center or CIDR-group access to something only an administrator should be able to grant.
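The following is an added example, not Cassandra's source code and not part of the original article: a small model of the authorization decision behind ALTER ROLE ... WITH ACCESS TO DATACENTERS / ACCESS FROM CIDRS, showing the bug class the advisory describes (a self-alteration exemption that does not cover the network-access clauses) next to the corrected decision. Role, alter_role_vulnerable, alter_role_fixed, SELF_ALTERABLE and widen_own_access are invented names; the assumption that a role may change its own password but nothing else without holding ALTER on the role is the model's, not a statement about Cassandra's role manager.

```python
"""Model of the ALTER ROLE authorization decision, illustrating the bug class
behind CVE-2025-24860. Added example: not Cassandra's code; all names are
invented for the illustration."""
from dataclasses import dataclass, replace
from typing import Optional


class Unauthorized(Exception):
    """Raised when the statement is rejected by the authorizer."""


@dataclass(frozen=True)
class Role:
    name: str
    superuser: bool = False
    password: str = ""
    datacenters: Optional[frozenset] = None   # None == ACCESS TO ALL DATACENTERS
    cidr_groups: Optional[frozenset] = None   # None == ACCESS FROM ALL CIDRS


# Options a role may change on itself without holding ALTER on the role.
# Assumption for the model: a password change is the usual case.
SELF_ALTERABLE = {"password"}


def _apply(target: Role, clauses: dict) -> Role:
    """Return a copy of the role with the statement's clauses applied."""
    return replace(target, **clauses)


def alter_role_vulnerable(actor: Role, target: Role, options: dict,
                          network: dict, alter_perms: set) -> Role:
    """`options` are ordinary role options ({"password": ...}); `network` are
    the datacenter/CIDR clauses ({"datacenters": None} means ALL DATACENTERS);
    `alter_perms` holds the names of roles `actor` has ALTER on."""
    if actor.superuser:
        return _apply(target, {**options, **network})
    if actor.name == target.name:
        # BUG: the self-alteration guard inspects only `options`, so a role
        # restricted to one datacenter can grant itself access to all of them.
        for opt in options:
            if opt not in SELF_ALTERABLE:
                raise Unauthorized(f"{actor.name} may not alter its own {opt}")
        return _apply(target, {**options, **network})
    if target.name not in alter_perms:
        raise Unauthorized(f"{actor.name} lacks ALTER on role {target.name}")
    return _apply(target, {**options, **network})


def alter_role_fixed(actor: Role, target: Role, options: dict,
                     network: dict, alter_perms: set) -> Role:
    """Same decision, but every clause of the statement, the network clauses
    included, must pass the self-alteration check."""
    if actor.superuser:
        return _apply(target, {**options, **network})
    if actor.name == target.name:
        for clause in [*options, *network]:
            if clause not in SELF_ALTERABLE:
                raise Unauthorized(f"{actor.name} may not alter its own {clause}")
        return _apply(target, {**options, **network})
    if target.name not in alter_perms:
        raise Unauthorized(f"{actor.name} lacks ALTER on role {target.name}")
    return _apply(target, {**options, **network})


def widen_own_access(alter_role) -> Optional[Role]:
    """A restricted role issues ALTER ROLE <self> WITH ACCESS TO ALL DATACENTERS.
    Returns the resulting role if accepted, None if the authorizer denies it."""
    analyst = Role("analyst", datacenters=frozenset({"dc1"}),
                   cidr_groups=frozenset({"office"}))
    try:
        return alter_role(analyst, analyst, {}, {"datacenters": None}, set())
    except Unauthorized:
        return None


if __name__ == "__main__":
    print("vulnerable:", widen_own_access(alter_role_vulnerable))
    print("fixed:     ", widen_own_access(alter_role_fixed))
```

The general lesson is independent of Cassandra: when a statement grows a new clause (here the network-access grants), every authorization path that special-cases "acting on yourself" has to be revisited, because the exemption was written against the old clause set.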

This vulnerability affects:

  • CassandraNetworkAuthorizer in versions 4.0.0–4.0.15 and 4.1.0–4.1.7
  • Both CassandraNetworkAuthorizer and CassandraCIDRAuthorizer in versions 5.0.0–5.0.2

Operators running one of the affected authorizers should review their roles' data-center and CIDR-group grants for changes they did not make. To mitigate the risk, upgrade to the patched release for your branch: 4.0.16, 4.1.8 or 5.0.3.

These updates address the vulnerability and restore proper authorization controls.
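As an added example of the review the advisory asks for (not part of the article or of the Cassandra project), the script below compares each role's live data-center and CIDR-group grants with an intended policy and reports every grant that is wider than policy. The sample rows are constructed; their shapes mirror the system_auth.roles (role, is_superuser), system_auth.network_permissions (role, dcs) and system_auth.cidr_permissions (role, cidr_groups) tables as the author understands them, and a role with no row in a permissions table is treated as unrestricted. Both are assumptions to confirm against your own cluster before relying on the output.

```python
"""Post-upgrade review of per-role network access (CVE-2025-24860).
Added example; not the article's or the project's code. Row shapes and the
"no row means unrestricted" convention are assumptions: export the real rows
with cqlsh, e.g.
    SELECT role, is_superuser FROM system_auth.roles;
    SELECT role, dcs FROM system_auth.network_permissions;
    SELECT role, cidr_groups FROM system_auth.cidr_permissions;
and check that the columns match before feeding them to audit()."""
from dataclasses import dataclass
from typing import Optional

# Constructed sample data (not taken from a real cluster).
ROLES = [
    {"role": "cassandra", "is_superuser": True},
    {"role": "analyst", "is_superuser": False},
    {"role": "etl", "is_superuser": False},
    {"role": "reporting", "is_superuser": False},
    {"role": "legacy_app", "is_superuser": False},
]
NETWORK_PERMISSIONS = {          # role -> dcs; no entry == ALL DATACENTERS
    "analyst": {"dc1"},
    "reporting": {"dc1", "dc2"},
}
CIDR_PERMISSIONS = {             # role -> cidr_groups; no entry == ALL CIDRS
    "analyst": {"office"},
}

# Intended policy, maintained out of band. None == unrestricted by design.
POLICY = {
    "cassandra": {"dcs": None, "cidr_groups": None},
    "analyst": {"dcs": {"dc1"}, "cidr_groups": {"office"}},
    "etl": {"dcs": {"dc2"}, "cidr_groups": {"batch-net"}},
    "reporting": {"dcs": {"dc1"}, "cidr_groups": None},
}


@dataclass(frozen=True)
class Finding:
    role: str
    check: str      # "dcs", "cidr_groups" or "unknown-role"
    detail: str


def _fmt(groups: Optional[set]) -> str:
    return "ALL" if groups is None else "{" + ", ".join(sorted(groups)) + "}"


def _wider_than(actual: Optional[set], allowed: Optional[set]) -> bool:
    """True when the live grant exceeds policy (None == unrestricted)."""
    if allowed is None:
        return False
    if actual is None:
        return True
    return not actual <= allowed


def audit(roles, network_perms, cidr_perms, policy) -> list:
    """One Finding per role/check whose live grant is wider than policy, plus
    one for every role the policy does not know about."""
    findings = []
    for row in roles:
        name = row["role"]
        expected = policy.get(name)
        if expected is None:
            findings.append(Finding(name, "unknown-role",
                                    "no policy entry; review manually"))
            continue
        live = {"dcs": network_perms.get(name),
                "cidr_groups": cidr_perms.get(name)}
        for check, allowed in expected.items():
            actual = live[check]
            if _wider_than(actual, allowed):
                findings.append(Finding(
                    name, check,
                    f"granted {_fmt(actual)} but policy allows {_fmt(allowed)}"))
    return findings


if __name__ == "__main__":
    for f in audit(ROLES, NETWORK_PERMISSIONS, CIDR_PERMISSIONS, POLICY):
        print(f"{f.role:12} {f.check:13} {f.detail}")
```

On the 4.0 and 4.1 lines there is no CIDR authorizer, so drop the cidr_groups key from the policy entries (or set it to None) there; otherwise every role is reported as unrestricted for CIDR groups. A role flagged as wider than policy is not proof of exploitation, but on a cluster that ran an affected version with one of the affected authorizers it is exactly the change the advisory says a restricted user could have made for itself.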

The issue was reported by Stefan Miklosovic and has been addressed by the Apache Cassandra development team.

For further details, visit the official Apache Cassandra website or consult the CVE record on cve.org.

This discovery underscores the importance of regular security audits and prompt updates to ensure the integrity of distributed database systems like Apache Cassandra in production environments.


The post Apache Cassandra Vulnerability Lets Attackers Gain Access to Data Centers Remotely appeared first on Cyber Security News.