Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-62487

Summary
Assigner-Palantir
Assigner Org ID-bbcbe11d-db20-4bc2-8a6e-c79f87041fd4
Published At-09 Jan, 2026 | 21:17
Updated At-14 Jan, 2026 | 19:10
Rejected At-
Credits

Under certain configurations, file artifacts uploaded to the Dossier and Slides apps did not inherit security markings of their parent artifact. This lack of security markings could lead to unintended access to the uploaded files.

On October 1, 2025, Palantir discovered that images uploaded through the Dossier front-end app were not being marked correctly with the proper security levels. The regression was traced back to a change in May 2025, which was meant to allow file uploads to be shared among different artifacts (e.g. other dossiers and presentations). On deployments configured with CBAC, the front-end would present a security picker dialog to set the security level on the uploads, thereby mitigating the issue. On deployments without a CBAC configuration, no security picker dialog appears, leading to a security level of CUSTOM with no markings or datasets selected. The resulting markings and groups for the file uploads thus will be only those added by the default authorization rules defined in the Auth Chooser configuration. On most environments, it is expected that the default authorization rules only add the Everyone group.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Palantir
Assigner Org ID:bbcbe11d-db20-4bc2-8a6e-c79f87041fd4
Published At:09 Jan, 2026 | 21:17
Updated At:14 Jan, 2026 | 19:10
Rejected At:
▼CVE Numbering Authority (CNA)
Under certain configurations, file artifacts uploaded to the Dossier and Slides apps did not inherit security markings of their parent artifact. This lack of security markings could lead to unintended access to the uploaded files.

On October 1, 2025, Palantir discovered that images uploaded through the Dossier front-end app were not being marked correctly with the proper security levels. The regression was traced back to a change in May 2025, which was meant to allow file uploads to be shared among different artifacts (e.g. other dossiers and presentations). On deployments configured with CBAC, the front-end would present a security picker dialog to set the security level on the uploads, thereby mitigating the issue. On deployments without a CBAC configuration, no security picker dialog appears, leading to a security level of CUSTOM with no markings or datasets selected. The resulting markings and groups for the file uploads thus will be only those added by the default authorization rules defined in the Auth Chooser configuration. On most environments, it is expected that the default authorization rules only add the Everyone group.

Affected Products
Vendor
Palantir
Product
com.palantir.acme:gotham-default-apps-bundle
Versions
Affected
  • From 100.30250502.0 before 100.30251002.0 (semver)
Unaffected
  • From 100.30251002.0 before * (semver)
  • 100.30250808.87
  • 100.30250908.1
  • 100.30250709.54
  • 100.30250907.11
  • 100.30250507.88
  • 100.30251001.1
  • From * before 100.30250502.0 (semver)
  • 100.30250906.52
Vendor
Palantir
Product
com.palantir.acme:stencil-app-bundle
Versions
Affected
  • From 100.30250502.0 before 100.30251002.0 (semver)
Unaffected
  • 100.30250907.11
  • 100.30250507.88
  • 100.30250908.1
  • 100.30250808.87
  • From 100.30251002.0 before * (semver)
  • 100.30251001.1
  • From * before 100.30250502.0 (semver)
  • 100.30250906.52
  • 100.30250709.54
Vendor
Palantir
Product
com.palantir.acme:dossier-app
Versions
Affected
  • From 100.30250502.0 before 100.30251002.0 (semver)
Unaffected
  • 100.30250907.11
  • 100.30251001.1
  • 100.30250808.87
  • From * before 100.30250502.0 (semver)
  • 100.30250908.1
  • 100.30250709.54
  • From 100.30251002.0 before * (semver)
  • 100.30250507.88
  • 100.30250906.52
Problem Types
TypeCWE IDDescription
CWECWE-863The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.
Type: CWE
CWE ID: CWE-863
Description: The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.
Metrics
VersionBase scoreBase severityVector
3.13.5LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N/CR:H/IR:H/AR:H
Version: 3.1
Base score: 3.5
Base severity: LOW
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N/CR:H/IR:H/AR:H
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-180An attacker exploits a weakness in the configuration of access controls and is able to bypass the intended protection that these measures guard against and thereby obtain unauthorized access to the system or network. Sensitive functionality should always be protected with access controls. However configuring all but the most trivial access control systems can be very complicated and there are many opportunities for mistakes. If an attacker can learn of incorrectly configured access security settings, they may be able to exploit this in an attack.
CAPEC ID: CAPEC-180
Description: An attacker exploits a weakness in the configuration of access controls and is able to bypass the intended protection that these measures guard against and thereby obtain unauthorized access to the system or network. Sensitive functionality should always be protected with access controls. However configuring all but the most trivial access control systems can be very complicated and there are many opportunities for mistakes. If an attacker can learn of incorrectly configured access security settings, they may be able to exploit this in an attack.
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://palantir.safebase.us/?tcuUid=c91a1b4f-72e7-4959-9e2d-3a341e5c7a1f
N/A
Hyperlink: https://palantir.safebase.us/?tcuUid=c91a1b4f-72e7-4959-9e2d-3a341e5c7a1f
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve-coordination@palantir.com
Published At:09 Jan, 2026 | 22:16
Updated At:14 Jan, 2026 | 19:16

On October 1, 2025, Palantir discovered that images uploaded through the Dossier front-end app were not being marked correctly with the proper security levels. The regression was traced back to a change in May 2025, which was meant to allow file uploads to be shared among different artifacts (e.g. other dossiers and presentations). On deployments configured with CBAC, the front-end would present a security picker dialog to set the security level on the uploads, thereby mitigating the issue. On deployments without a CBAC configuration, no security picker dialog appears, leading to a security level of CUSTOM with no markings or datasets selected. The resulting markings and groups for the file uploads thus will be only those added by the default authorization rules defined in the Auth Chooser configuration. On most environments, it is expected that the default authorization rules only add the Everyone group.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.13.5LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 3.5
Base severity: LOW
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-863Secondarycve-coordination@palantir.com
CWE ID: CWE-863
Type: Secondary
Source: cve-coordination@palantir.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://palantir.safebase.us/?tcuUid=c91a1b4f-72e7-4959-9e2d-3a341e5c7a1fcve-coordination@palantir.com
N/A
Hyperlink: https://palantir.safebase.us/?tcuUid=c91a1b4f-72e7-4959-9e2d-3a341e5c7a1f
Source: cve-coordination@palantir.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

9Records found
CVE-2023-30946
Matching Score-8
Assigner-Palantir Technologies
ShareView Details
Matching Score-8
Assigner-Palantir Technologies
CVSS Score-3.5||LOW
EPSS-0.28% / 51.39%
||
7 Day CHG~0.00%
Published-29 Jun, 2023 | 18:49
Updated-28 Oct, 2024 | 13:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Issues notification metadata lacks authorization

A security defect was identified in Foundry Issues. If a user was added to an issue on a resource that they did not have access to and consequently could not see, they could query Foundry's Notification API and receive metadata about the issue including the RID of the issue, severity, internal UUID of the author, and the user-defined title of the issue.

Action-Not Available
Vendor-palantirPalantir
Product-foundry_issuescom.palantir.issues:issues
CWE ID-CWE-420
Unprotected Alternate Channel
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CVE-2023-22836
Matching Score-8
Assigner-Palantir Technologies
ShareView Details
Matching Score-8
Assigner-Palantir Technologies
CVSS Score-3.5||LOW
EPSS-0.06% / 17.36%
||
7 Day CHG~0.00%
Published-29 Jan, 2024 | 18:50
Updated-17 Jun, 2025 | 21:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
In cases where a multi-tenant stack user is operating Foundry’s Linter service, and the user changes the linter name from the default value, the renamed value may be visible to the rest of the stack’s tenants.

In cases where a multi-tenant stack user is operating Foundry’s Linter service, and the user changes a group name from the default value, the renamed value may be visible to the rest of the stack’s tenants.

Action-Not Available
Vendor-guardiansoftPalantir
Product-guardiancom.palantir.skywise:guardian
CWE ID-CWE-862
Missing Authorization
CVE-2023-30955
Matching Score-6
Assigner-Palantir Technologies
ShareView Details
Matching Score-6
Assigner-Palantir Technologies
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 20.40%
||
7 Day CHG~0.00%
Published-29 Jun, 2023 | 18:46
Updated-28 Oct, 2024 | 13:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foundry workspace-server Developer Mode Authorization Bypass

A security defect was identified in Foundry workspace-server that enabled a user to bypass an authorization check and view settings related to 'Developer Mode'. This enabled users with insufficient privilege the ability to view and interact with Developer Mode settings in a limited capacity. A fix was deployed with workspace-server 7.7.0.

Action-Not Available
Vendor-palantirPalantir
Product-foundry_workspace-servercom.palantir.workspace:workspace
CWE ID-CWE-602
Client-Side Enforcement of Server-Side Security
CWE ID-CWE-863
Incorrect Authorization
CVE-2023-22833
Matching Score-6
Assigner-Palantir Technologies
ShareView Details
Matching Score-6
Assigner-Palantir Technologies
CVSS Score-7.6||HIGH
EPSS-0.05% / 15.52%
||
7 Day CHG~0.00%
Published-06 Jun, 2023 | 18:55
Updated-07 Jan, 2025 | 16:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Mandatory control bypass in Lime2

Palantir Foundry deployments running Lime2 versions between 2.519.0 and 2.532.0 were vulnerable a bug that allowed authenticated users within a Foundry organization to bypass discretionary or mandatory access controls under certain circumstances.

Action-Not Available
Vendor-palantirPalantir
Product-foundrycom.palantir.lime:lime2
CWE ID-CWE-304
Missing Critical Step in Authentication
CWE ID-CWE-863
Incorrect Authorization
CVE-2025-49810
Matching Score-4
Assigner-Mattermost, Inc.
ShareView Details
Matching Score-4
Assigner-Mattermost, Inc.
CVSS Score-3.5||LOW
EPSS-0.03% / 7.85%
||
7 Day CHG~0.00%
Published-21 Aug, 2025 | 07:15
Updated-22 Aug, 2025 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Thread summarization allows persistent access to channel

Mattermost versions 10.5.x <= 10.5.8 fail to validate access controls at time of access which allows user to read a thread via AI posts

Action-Not Available
Vendor-Mattermost, Inc.
Product-Mattermost
CWE ID-CWE-863
Incorrect Authorization
CVE-2021-39936
Matching Score-4
Assigner-GitLab Inc.
ShareView Details
Matching Score-4
Assigner-GitLab Inc.
CVSS Score-3.5||LOW
EPSS-0.34% / 56.41%
||
7 Day CHG~0.00%
Published-13 Dec, 2021 | 15:47
Updated-04 Aug, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in GitLab CE/EE affecting all versions starting from 10.7 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker in possession of a deploy token to access a project's disabled wiki.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-863
Incorrect Authorization
CVE-2022-41944
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-3.5||LOW
EPSS-0.19% / 40.62%
||
7 Day CHG~0.00%
Published-28 Nov, 2022 | 00:00
Updated-23 Apr, 2025 | 16:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Discourse users can see notifications for topics they no longer have access to

Discourse is an open-source discussion platform. In stable versions prior to 2.8.12 and beta or tests-passed versions prior to 2.9.0.beta.13, under certain conditions, a user can see notifications for topics they no longer have access to. If there is sensitive information in the topic title, it will therefore have been exposed. This issue is patched in stable version 2.8.12, beta version 2.9.0.beta13, and tests-passed version 2.9.0.beta13. There are no workarounds available.

Action-Not Available
Vendor-Civilized Discourse Construction Kit, Inc.
Product-discoursediscourse
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-863
Incorrect Authorization
CVE-2021-36091
Matching Score-4
Assigner-OTRS AG
ShareView Details
Matching Score-4
Assigner-OTRS AG
CVSS Score-3.5||LOW
EPSS-0.18% / 39.76%
||
7 Day CHG~0.00%
Published-26 Jul, 2021 | 04:25
Updated-16 Sep, 2024 | 17:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unautorized access to the calendar appointments

Agents are able to list appointments in the calendars without required permissions. This issue affects: OTRS AG ((OTRS)) Community Edition: 6.0.x version 6.0.1 and later versions. OTRS AG OTRS: 7.0.x versions prior to 7.0.27.

Action-Not Available
Vendor-OTRS AG
Product-otrs((OTRS)) Community EditionOTRS
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-863
Incorrect Authorization
CVE-2023-3613
Matching Score-4
Assigner-Mattermost, Inc.
ShareView Details
Matching Score-4
Assigner-Mattermost, Inc.
CVSS Score-3.5||LOW
EPSS-0.12% / 30.76%
||
7 Day CHG~0.00%
Published-17 Jul, 2023 | 15:31
Updated-21 Oct, 2024 | 19:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Guest accounts invited and added to channels by Welcomebot plugin

Mattermost WelcomeBot plugin fails to to validate the membership status when inviting or adding users to channels allowing guest accounts to be added or invited to channels by default.

Action-Not Available
Vendor-Mattermost, Inc.
Product-mattermost_serverMattermost Plugins
CWE ID-CWE-863
Incorrect Authorization
Details not found