Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

com.palantir.controlpanel:control-panel

Source -

CNA

CNA CVEs -

1

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
1Vulnerabilities found
CVE-2025-64400
Assigner-Palantir Technologies
ShareView Details
Assigner-Palantir Technologies
CVSS Score-4.1||MEDIUM
EPSS-0.08% / 23.96%
||
7 Day CHG~0.00%
Published-18 Dec, 2025 | 19:32
Updated-19 Dec, 2025 | 18:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Insufficient permission checks when pre-enrolling users Summary

Control Panel provides an API for pre-registering into an enrollment and organization prior to a user's first login. The API for creating users checks that the account requesting a user creation has `edit` on the enrollment-level user directory, but is missing a separate check that the enrollment editor has access (or belongs to) the organization that they are adding a user to.

Action-Not Available
Vendor-Palantir
Product-com.palantir.controlpanel:control-panel
CWE ID-CWE-284
Improper Access Control