CVE-2025-64751 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2025-64751 Interim 1 2 2026-03-05T00:26:46Z current 2025-12-23T00:15:34Z 2026-03-05T00:26:46Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2025-64751 OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA v1.4.0 to v1.11.0 ( openfga-0.1.34 <= Helm chart <= openfga-0.2.48, v.1.4.0 <= docker <= v.1.11.0) are vulnerable to improper policy enforcement when certain Check and ListObject calls are executed. This issue has been patched in version 1.11.1. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-security-updates/2025-December/023608.html E-Mail link for SUSE-SU-2025:4444-1 https://lists.suse.com/pipermail/sle-security-updates/2025-December/023607.html E-Mail link for SUSE-SU-2025:4446-1 https://lists.suse.com/pipermail/sle-security-updates/2025-December/023616.html E-Mail link for SUSE-SU-2025:4479-1 https://lists.suse.com/pipermail/sle-security-updates/2025-December/023614.html E-Mail link for SUSE-SU-2025:4482-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings Container suse/manager/4.3/proxy-httpd:4.3.16.2.9.73.1 Image SLES15-SP4-Manager-Server-4-3-BYOS Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2 Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE SUSE Linux Enterprise Module for Package Hub 15 SP6 SUSE Linux Enterprise Module for Package Hub 15 SP7 SUSE Manager Server LTS 4.3 SUSE Multi Linux Manager Tools SLE-12 SUSE Multi Linux Manager Tools SLE-15 SUSE Multi Linux Manager Tools SLE-Micro-5 openSUSE Leap 15.6 Multi-Linux-ManagerTools-SLE-release-12-120002.1.11.1 Multi-Linux-ManagerTools-SLE-release-POOL-12-120002.1.11.1 grafana-11.5.10-120002.4.6.1 grafana-11.5.10-150002.4.6.1 grafana-11.5.10-150200.3.80.1 mgrctl-5.1.23-120002.3.6.1 mgrctl-5.1.23-150002.3.6.1 mgrctl-bash-completion-5.1.23-120002.3.6.1 mgrctl-bash-completion-5.1.23-150002.3.6.1 mgrctl-lang-5.1.23-120002.3.6.1 mgrctl-lang-5.1.23-150002.3.6.1 mgrctl-zsh-completion-5.1.23-120002.3.6.1 mgrctl-zsh-completion-5.1.23-150002.3.6.1 release-notes-susemanager-4.3.16.2-150400.3.148.1 release-notes-susemanager-proxy-4.3.16.2-150400.3.104.2 release-notes-susemanager-proxy-4.3.16.2-150400.3.104.2 as a component of Container suse/manager/4.3/proxy-httpd:4.3.16.2.9.73.1 release-notes-susemanager-4.3.16.2-150400.3.148.1 as a component of Image SLES15-SP4-Manager-Server-4-3-BYOS release-notes-susemanager-4.3.16.2-150400.3.148.1 as a component of Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure release-notes-susemanager-4.3.16.2-150400.3.148.1 as a component of Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2 release-notes-susemanager-4.3.16.2-150400.3.148.1 as a component of Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE grafana-11.5.10-150200.3.80.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP6 grafana-11.5.10-150200.3.80.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP7 release-notes-susemanager-4.3.16.2-150400.3.148.1 as a component of SUSE Manager Server LTS 4.3 Multi-Linux-ManagerTools-SLE-release-12-120002.1.11.1 as a component of SUSE Multi Linux Manager Tools SLE-12 Multi-Linux-ManagerTools-SLE-release-POOL-12-120002.1.11.1 as a component of SUSE Multi Linux Manager Tools SLE-12 grafana-11.5.10-120002.4.6.1 as a component of SUSE Multi Linux Manager Tools SLE-12 mgrctl-5.1.23-120002.3.6.1 as a component of SUSE Multi Linux Manager Tools SLE-12 mgrctl-bash-completion-5.1.23-120002.3.6.1 as a component of SUSE Multi Linux Manager Tools SLE-12 mgrctl-lang-5.1.23-120002.3.6.1 as a component of SUSE Multi Linux Manager Tools SLE-12 mgrctl-zsh-completion-5.1.23-120002.3.6.1 as a component of SUSE Multi Linux Manager Tools SLE-12 grafana-11.5.10-150002.4.6.1 as a component of SUSE Multi Linux Manager Tools SLE-15 mgrctl-5.1.23-150002.3.6.1 as a component of SUSE Multi Linux Manager Tools SLE-15 mgrctl-bash-completion-5.1.23-150002.3.6.1 as a component of SUSE Multi Linux Manager Tools SLE-15 mgrctl-lang-5.1.23-150002.3.6.1 as a component of SUSE Multi Linux Manager Tools SLE-15 mgrctl-zsh-completion-5.1.23-150002.3.6.1 as a component of SUSE Multi Linux Manager Tools SLE-15 mgrctl-5.1.23-150002.3.6.1 as a component of SUSE Multi Linux Manager Tools SLE-Micro-5 mgrctl-bash-completion-5.1.23-150002.3.6.1 as a component of SUSE Multi Linux Manager Tools SLE-Micro-5 mgrctl-lang-5.1.23-150002.3.6.1 as a component of SUSE Multi Linux Manager Tools SLE-Micro-5 mgrctl-zsh-completion-5.1.23-150002.3.6.1 as a component of SUSE Multi Linux Manager Tools SLE-Micro-5 grafana-11.5.10-150200.3.80.1 as a component of openSUSE Leap 15.6 OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA v1.4.0 to v1.11.0 ( openfga-0.1.34 <= Helm chart <= openfga-0.2.48, v.1.4.0 <= docker <= v.1.11.0) are vulnerable to improper policy enforcement when certain Check and ListObject calls are executed. This issue has been patched in version 1.11.1. CVE-2025-64751 Container suse/manager/4.3/proxy-httpd:4.3.16.2.9.73.1:release-notes-susemanager-proxy-4.3.16.2-150400.3.104.2 Image SLES15-SP4-Manager-Server-4-3-BYOS:release-notes-susemanager-4.3.16.2-150400.3.148.1 Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure:release-notes-susemanager-4.3.16.2-150400.3.148.1 Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2:release-notes-susemanager-4.3.16.2-150400.3.148.1 Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE:release-notes-susemanager-4.3.16.2-150400.3.148.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:grafana-11.5.10-150200.3.80.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:grafana-11.5.10-150200.3.80.1 SUSE Manager Server LTS 4.3:release-notes-susemanager-4.3.16.2-150400.3.148.1 SUSE Multi Linux Manager Tools SLE-12:Multi-Linux-ManagerTools-SLE-release-12-120002.1.11.1 SUSE Multi Linux Manager Tools SLE-12:Multi-Linux-ManagerTools-SLE-release-POOL-12-120002.1.11.1 SUSE Multi Linux Manager Tools SLE-12:grafana-11.5.10-120002.4.6.1 SUSE Multi Linux Manager Tools SLE-12:mgrctl-5.1.23-120002.3.6.1 SUSE Multi Linux Manager Tools SLE-12:mgrctl-bash-completion-5.1.23-120002.3.6.1 SUSE Multi Linux Manager Tools SLE-12:mgrctl-lang-5.1.23-120002.3.6.1 SUSE Multi Linux Manager Tools SLE-12:mgrctl-zsh-completion-5.1.23-120002.3.6.1 SUSE Multi Linux Manager Tools SLE-15:grafana-11.5.10-150002.4.6.1 SUSE Multi Linux Manager Tools SLE-15:mgrctl-5.1.23-150002.3.6.1 SUSE Multi Linux Manager Tools SLE-15:mgrctl-bash-completion-5.1.23-150002.3.6.1 SUSE Multi Linux Manager Tools SLE-15:mgrctl-lang-5.1.23-150002.3.6.1 SUSE Multi Linux Manager Tools SLE-15:mgrctl-zsh-completion-5.1.23-150002.3.6.1 SUSE Multi Linux Manager Tools SLE-Micro-5:mgrctl-5.1.23-150002.3.6.1 SUSE Multi Linux Manager Tools SLE-Micro-5:mgrctl-bash-completion-5.1.23-150002.3.6.1 SUSE Multi Linux Manager Tools SLE-Micro-5:mgrctl-lang-5.1.23-150002.3.6.1 SUSE Multi Linux Manager Tools SLE-Micro-5:mgrctl-zsh-completion-5.1.23-150002.3.6.1 openSUSE Leap 15.6:grafana-11.5.10-150200.3.80.1 important 8.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N