Authentication bypass in Aries due to misconfiguration_CVE-2025-68609

6.6 / 10

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Description

A vulnerability in Palantir's Aries service allowed unauthenticated access to log viewing and management functionality on Apollo instances using default configuration. The defect resulted in both authentication and authorization checks being bypassed, potentially allowing any network-accessible client to view system logs and perform operations without valid credentials. No evidence of exploitation was identified during the vulnerability window.

Basic Information

ID CVE-2025-68609

Source Palantir

Published Jan 22, 2026 at 19:06

Modified Jan 22, 2026 at 19:33

Affected Product

Vendor Palantir

Product com.palantir.aries:aries

Version 1.554.0

CWE Classification

CWE-305

References

palantir.safebase.us /

{
    "lastseen": "",
    "description": "A vulnerability in Palantir's Aries service allowed unauthenticated access to log viewing and management functionality on Apollo instances using default configuration. The defect resulted in both authentication and authorization checks being bypassed, potentially allowing any network-accessible client to view system logs and perform operations without valid credentials. No evidence of exploitation was identified during the vulnerability window.",
    "published": "2026-01-22T19:06:05.914Z",
    "modified": "2026-01-22T19:33:36.287Z",
    "type": "cve",
    "title": "Authentication bypass in Aries due to misconfiguration",
    "source": "Palantir",
    "references": "https://palantir.safebase.us/?tcuUid=955a313a-1735-48a6-9fb4-e10404f14eb5",
    "id": "CVE-2025-68609",
    "bulletinFamily": "",
    "cwe": [
        "CWE-305"
    ],
    "cvelist": null,
    "sourceData": "",
    "sourceHref": "",
    "cvss": {
        "score": 6.6,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "com.palantir.aries:aries",
    "version": "1.554.0",
    "vendor": "Palantir",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}