CVE-2025-8793
Published: 10 August 2025
Summary
CVE-2025-8793 is a low-severity Resource Injection (CWE-99) vulnerability in LitmusChaos Litmus. Its CVSS base score is 2.1 (Low).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 44.3rd percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog. A public proof-of-concept is referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-24073
Vulnerability details
A vulnerability classified as problematic was found in LitmusChaos Litmus up to 3.19.0. Affected by this vulnerability is an unknown functionality. The manipulation of the argument projectID leads to improper control of resource identifiers. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
IDOR/resource injection via projectID allows low-privileged attackers to bypass access controls and access unauthorized project data in LitmusChaos (a Kubernetes chaos platform), enabling exploitation for privilege escalation, valid cloud account abuse, lateral movement via cloud services, remote service exploitation, and container/resource discovery.
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.