Summary: Apache Cassandra, a widely-used open-source NoSQL database, is facing serious vulnerabilities that could jeopardize sensitive data security across various versions. Key issues include unauthorized network access, privilege escalation, and a critical flaw in JMX authentication. Organizations using Cassandra are strongly urged to upgrade and implement best security practices immediately to protect their data integrity.
Affected: Apache Cassandra
Keypoints :
- Critical vulnerabilities: CVE-2025-24860 allows bypassing network authorization controls, impacting versions 4.0.0 to 5.0.2.
- CVE-2025-23015 enables privilege escalation for users with ‘MODIFY’ permissions, affecting versions 3.0.0 to 5.0.2.
- CVE-2024-27137 involves a known vulnerability for JMX authentication affecting versions 4.0.2 to 5.0.2 running on Java 11.
- Organizations should upgrade to patched versions, specifically 3.0.31, 3.11.18, 4.0.16, 4.1.8, and 5.0.3.
- Adherence to security best practices, including strict access control and regular audits, is essential for data protection.