x/vulndb: potential Go vuln in github.com/casdoor/casdoor: CVE-2025-4210

[GoVulnBot]

Advisory CVE-2025-4210 references a vulnerability in the following Go modules:

Module
github.com/casdoor/casdoor

Description:
A vulnerability classified as critical was found in Casdoor up to 1.811.0. This vulnerability affects the function HandleScim of the file controllers/scim.go of the component SCIM User Creation Endpoint. The manipulation leads to authorization bypass. The attack can be initiated remotely. Upgrading to version 1.812.0 is able to address this issue. The name of the patch is 3d12ac8dc2282369296c3386815c00a06c6a92fe. It is recommended to upgrade the affected component.

References:

• ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2025-4210
• FIX: casdoor/casdoor@3d12ac8
• WEB: https://github.com/casdoor/casdoor/releases/tag/v1.812.0
• WEB: https://vuldb.com/?ctiid.307180
• WEB: https://vuldb.com/?id.307180
• WEB: https://vuldb.com/?submit.556201

Cross references:

• github.com/casdoor/casdoor appears in 7 other report(s):
  • data/excluded/GO-2023-1868.yaml (x/vulndb: potential Go vuln in github.com/casdoor/casdoor: GHSA-rwcp-qrwg-56cg #1868) EFFECTIVELY_PRIVATE
  • data/reports/GO-2022-0303.yaml (x/vulndb: potential Go vuln in github.com/casdoor/casdoor: CVE-2022-24124 #303)
  • data/reports/GO-2022-1006.yaml (x/vulndb: potential Go vuln in github.com/casdoor/casdoor: CVE-2022-38638, GHSA-9vm3-r8gq-cr6x #1006)
  • data/reports/GO-2022-1153.yaml (x/vulndb: potential Go vuln in github.com/casdoor/casdoor: GHSA-f93f-55c2-8c89 #1153)
  • data/reports/GO-2024-3026.yaml (x/vulndb: potential Go vuln in github.com/casdoor/casdoor: GHSA-67fw-w8f2-88wp #3026)
  • data/reports/GO-2024-3086.yaml (x/vulndb: potential Go vuln in github.com/casdoor/casdoor: GHSA-gv2p-4mvg-g32h #3086)
  • data/reports/GO-2024-3087.yaml (x/vulndb: potential Go vuln in github.com/casdoor/casdoor: GHSA-mchx-7j67-8mcf #3087)

See doc/quickstart.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: github.com/casdoor/casdoor
      vulnerable_at: 1.901.0
summary: CVE-2025-4210 in github.com/casdoor/casdoor
cves:
    - CVE-2025-4210
references:
    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2025-4210
    - fix: https://github.com/casdoor/casdoor/commit/3d12ac8dc2282369296c3386815c00a06c6a92fe
    - web: https://github.com/casdoor/casdoor/releases/tag/v1.812.0
    - web: https://vuldb.com/?ctiid.307180
    - web: https://vuldb.com/?id.307180
    - web: https://vuldb.com/?submit.556201
source:
    id: CVE-2025-4210
    created: 2025-05-02T17:02:12.796055378Z
review_status: UNREVIEWED

[gopherbot]

Change https://go.dev/cl/670315 mentions this issue: data/reports: add 5 reports