CVE-2025-61524 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2025-61524 Interim 1 1 2025-12-23T00:16:37Z current 2025-12-23T00:16:37Z 2025-12-23T00:16:37Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2025-61524 An issue in the permission verification module and organization/application editing interface in Casdoor v2.26.0 and before, and fixed in v.2.63.0, allows remote authenticated administrators of any organization within the system to bypass the system's permission verification mechanism by directly concatenating URLs after login The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Tumbleweed govulncheck-vulndb-0.0.20251105T184115-1.1 govulncheck-vulndb-0.0.20251105T184115-1.1 as a component of openSUSE Tumbleweed An issue in the permission verification module and organization/application editing interface in Casdoor v2.26.0 and before, and fixed in v.2.63.0, allows remote authenticated administrators of any organization within the system to bypass the system's permission verification mechanism by directly concatenating URLs after login CVE-2025-61524 openSUSE Tumbleweed:govulncheck-vulndb-0.0.20251105T184115-1.1 important