Minder does not sandbox http.send in Rego programs_CVE-2025-65109

8.5 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L

Description

Minder is an open source software supply chain security platform. In Minder Helm version 0.20241106.3386+ref.2507dbf and Minder Go versions from 0.0.72 to 0.0.83, Minder users may fetch content in the context of the Minder server, which may include URLs which the user would not normally have access to. This issue has been patched in Minder Helm version 0.20250203.3849+ref.fdc94f0 and Minder Go version 0.0.84.

Basic Information

ID CVE-2025-65109

Source GitHub_M

Published Nov 21, 2025 at 21:56

Affected Product

Vendor mindersec

Product minder

Version Helm = 0.20241106.3386+ref.2507dbf

Affected Versions mindersec minder Helm = 0.20241106.3386+ref.2507dbf
mindersec minder Go >= 0.0.72, < 0.0.84

CWE Classification

CWE-830

References

{
    "lastseen": "",
    "description": "Minder is an open source software supply chain security platform. In Minder Helm version 0.20241106.3386+ref.2507dbf and Minder Go versions from 0.0.72 to 0.0.83, Minder users may fetch content in the context of the Minder server, which may include URLs which the user would not normally have access to. This issue has been patched in Minder Helm version 0.20250203.3849+ref.fdc94f0 and Minder Go version 0.0.84.",
    "published": "2025-11-21T21:56:53.667Z",
    "modified": "2025-11-21T21:56:53.667Z",
    "type": "cve",
    "title": "Minder does not sandbox http.send in Rego programs",
    "source": "GitHub_M",
    "references": "https://github.com/mindersec/minder/security/advisories/GHSA-6xvf-4vh9-mw47\nhttps://github.com/mindersec/minder/commit/f770400923984649a287d7215410ef108e845af8",
    "id": "CVE-2025-65109",
    "bulletinFamily": "",
    "cwe": [
        "CWE-830"
    ],
    "cvelist": null,
    "sourceData": "mindersec minder Helm = 0.20241106.3386+ref.2507dbf\nmindersec minder Go >= 0.0.72, < 0.0.84",
    "sourceHref": "",
    "cvss": {
        "score": 8.5,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "minder",
    "version": "Helm = 0.20241106.3386+ref.2507dbf",
    "vendor": "mindersec",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}