vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. Attacker can obtain owner rights of other organization. Hacker should know the ID of victim organization (in real case the user can be a part of the organization as an unprivileged user) and be the owner/admin of other organization (by default you can create your own organization) in order to attack. This vulnerability is fixed in 1.33.0.
                
            Metrics
Affected Vendors & Products
References
        History
                    Wed, 20 Aug 2025 14:00:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| First Time appeared | Dani-garcia Dani-garcia vaultwarden | |
| Weaknesses | NVD-CWE-noinfo | |
| CPEs | cpe:2.3:a:dani-garcia:vaultwarden:*:*:*:*:*:*:*:* | |
| Vendors & Products | Dani-garcia Dani-garcia vaultwarden | 
Wed, 16 Jul 2025 13:45:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Metrics | epss 
 | epss 
 | 
Mon, 27 Jan 2025 18:00:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Description | vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. Attacker can obtain owner rights of other organization. Hacker should know the ID of victim organization (in real case the user can be a part of the organization as an unprivileged user) and be the owner/admin of other organization (by default you can create your own organization) in order to attack. This vulnerability is fixed in 1.33.0. | |
| Title | vaultwarden allows escalation of privilege via variable confusion in OrgHeaders trait | |
| Weaknesses | CWE-284 | |
| References |  | |
| Metrics | cvssV3_1 
 | 
 MITRE
                        MITRE
                    Status: PUBLISHED
Assigner: GitHub_M
Published: 2025-01-27T17:49:57.796Z
Updated: 2025-02-12T20:41:36.070Z
Reserved: 2025-01-20T15:18:26.990Z
Link: CVE-2025-24365
 Vulnrichment
                        Vulnrichment
                    No data.
 NVD
                        NVD
                    Status : Analyzed
Published: 2025-01-27T18:15:41.847
Modified: 2025-08-20T13:56:46.803
Link: CVE-2025-24365
 Redhat
                        Redhat
                    No data.
 ReportizFlow
ReportizFlow