CVE-2025-35431

MEDIUM

CISA Thorium 1.0.0-1.1.0 - Authenticated LDAP Injection

Title source: llm
STIX 2.1

Description

CISA Thorium does not escape user controlled strings used in LDAP queries. An authenticated remote attacker can modify LDAP authorization data such as group memberships. Fixed in 1.1.1.

References (4)

Core 4

Scores

CVSS v3 5.4
EPSS 0.0029
EPSS Percentile 20.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-90
Status published
Products (1)
cisa/thorium 1.0.0 - 1.1.1
Published Sep 17, 2025
Tracked Since Feb 18, 2026