Critical Vulnerability in Apache Cassandra Lets Restricted Users Reach Data Centers They Were Never Granted

A serious security vulnerability has been disclosed in Apache Cassandra, a widely used distributed database. Tracked as CVE-2025-24860, it allows an authenticated user to access data centers or IP/CIDR groups that the cluster's authorizer should have kept off limits.

The issue is an authorization flaw, not an authentication one: a role whose data center access has been deliberately restricted can issue Data Control Language (DCL) statements that update its own permissions, widening its own access.

Technical Details of the Vulnerability

The vulnerability is classified as Incorrect Authorization in Apache Cassandra. It affects CassandraNetworkAuthorizer, which restricts the data centers a role may connect to, and CassandraCIDRAuthorizer (new in 5.0), which restricts the client IP ranges (CIDR groups) a role may connect from. On affected versions these authorizers fail to stop a restricted role from executing the DCL statements that change data center or CIDR access, so a user with limited permissions can grant those permissions to itself.

Potential Risks

This vulnerability creates the following risks:

🔴 Authorization bypass – a restricted role can rewrite its own access rights and reach data centers or network zones it was never granted.

🔴 Loss of network isolation – segmentation that operators built on data center or CIDR restrictions can no longer be trusted to hold.

🔴 Data exposure or tampering – once inside a previously unreachable data center, the role can read or modify whatever its table-level permissions allow, including data that was meant to stay isolated.

Which Apache Cassandra Versions Are Affected?

The following Apache Cassandra versions are vulnerable:

4.0.0 – 4.0.15
4.1.0 – 4.1.7
5.0.0 – 5.0.2

Affected Components:

🔹 CassandraNetworkAuthorizer – affected in versions 4.0.0 – 4.0.15 and 4.1.0 – 4.1.7.
🔹 CassandraNetworkAuthorizer and CassandraCIDRAuthorizer – affected in versions 5.0.0 – 5.0.2.

Fixed Versions

The Apache Cassandra team has released patches to address this vulnerability:

4.0.16
4.1.8
5.0.3

These releases correct the authorization checks so that restricted roles can no longer change their own data center or CIDR access. Operators running the authorizers on affected versions should apply them as soon as possible.

Recommended Security Measures

Whether or not you can upgrade immediately, take the following precautions (the Apache advisory specifically asks operators on affected versions to review access rules for signs of abuse):

Review access control policies – inspect each role's data center access (and, on 5.0, CIDR group access) and revert any grant that an administrator did not intentionally make.
Restrict database access – use firewalls or network policy to block unapproved IP addresses and networks from reaching the cluster, so the authorizer is not the only control.
Monitor DCL statements – Cassandra's audit log (available since 4.0) can record the DCL category; alert on any statement that changes a role's data center or CIDR access, especially when the acting user is the role being changed.
Audit the database regularly – review logs for suspicious activity and for unauthorized access attempts, including connections from data centers a role should not be able to reach.
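The monitoring step above is the one most worth automating. The following Python script is an added example written for this article, not code from the Apache Cassandra project. It parses audit-log lines in the pipe-separated `key:value` layout used by Cassandra's FileAuditLogger, keeps only DCL statements, and flags those whose CQL text contains an `ACCESS TO ... DATACENTERS` or `ACCESS FROM ... CIDRS` clause (the documented `ALTER ROLE` / `CREATE ROLE` syntax for data center and CIDR access). A statement in which the acting user changes its own access is rated HIGH, which is exactly the pattern CVE-2025-24860 makes possible. The log lines, user names and data center names are constructed for the example.

```python
"""Flag data center / CIDR access changes in Cassandra audit-log lines.

Added example for this article; not code from the Apache Cassandra project.
Assumes the FileAuditLogger line layout (pipe-separated key:value fields,
CQL text after 'operation:'). All sample lines below are constructed.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample lines in the FileAuditLogger layout (not real captures).
SAMPLE_LOG = """\
user:analyst|host:10.0.1.5:7000|source:/10.0.2.9|port:51022|timestamp:1738400000001|type:SELECT|category:QUERY|ks:sales|scope:orders|operation:SELECT * FROM sales.orders WHERE id = 42
user:analyst|host:10.0.1.5:7000|source:/10.0.2.9|port:51022|timestamp:1738400000002|type:ALTER_ROLE|category:DCL|operation:ALTER ROLE analyst WITH ACCESS TO ALL DATACENTERS
user:dba|host:10.0.1.5:7000|source:/10.0.3.1|port:40110|timestamp:1738400000003|type:ALTER_ROLE|category:DCL|operation:ALTER ROLE etl WITH ACCESS TO DATACENTERS {'dc1'}
user:dba|host:10.0.1.5:7000|source:/10.0.3.1|port:40110|timestamp:1738400000004|type:GRANT|category:DCL|operation:GRANT SELECT ON KEYSPACE sales TO analyst
user:analyst|host:10.0.1.5:7000|source:/10.0.2.9|port:51022|timestamp:1738400000005|type:ALTER_ROLE|category:DCL|operation:ALTER ROLE analyst WITH ACCESS FROM ALL CIDRS
"""

# CQL clauses that change data center (4.0+) or CIDR group (5.0+) access.
ACCESS_CLAUSE = re.compile(
    r"ACCESS\s+(?:TO\s+(?P<alldc>ALL\s+)?DATACENTERS|FROM\s+(?P<allcidr>ALL\s+)?CIDRS)",
    re.IGNORECASE,
)
# The role being created or altered; role names may be quoted.
ROLE_TARGET = re.compile(
    r"\b(?:ALTER|CREATE)\s+ROLE\s+(?:IF\s+(?:NOT\s+)?EXISTS\s+)?['\"]?(?P<role>[\w-]+)",
    re.IGNORECASE,
)


def parse_audit_line(line: str) -> dict:
    """Split one audit-log line into a dict of fields.

    Everything after '|operation:' is CQL text that may itself contain '|'
    or ':' characters, so it is separated before the generic split.
    """
    head, sep, operation = line.partition("|operation:")
    fields = {}
    for part in head.split("|"):
        key, _, value = part.partition(":")  # 'host:10.0.1.5:7000' keeps its port
        fields[key] = value
    if sep:
        fields["operation"] = operation.strip()
    return fields


@dataclass
class Finding:
    timestamp: str
    user: str
    source: str
    role: Optional[str]
    severity: str
    reason: str
    operation: str


def flag_access_changes(log_text: str) -> List[Finding]:
    """Return one Finding per DCL statement that alters DC or CIDR access."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        entry = parse_audit_line(raw)
        if entry.get("category") != "DCL":
            continue
        op = entry.get("operation", "")
        clause = ACCESS_CLAUSE.search(op)
        if not clause:
            continue  # table-level GRANT/REVOKE: keep in the log, not in this alert
        target = ROLE_TARGET.search(op)
        role = target.group("role") if target else None
        user = entry.get("user", "")
        unrestricted = bool(clause.group("alldc") or clause.group("allcidr"))
        if role is not None and role.lower() == user.lower():
            severity, reason = "HIGH", "role changed its own data center/CIDR access"
        elif unrestricted:
            severity, reason = "MEDIUM", "role granted access to all data centers/CIDRs"
        else:
            severity, reason = "LOW", "data center/CIDR access changed by another role"
        findings.append(Finding(entry.get("timestamp", ""), user, entry.get("source", ""),
                                role, severity, reason, op))
    return findings


if __name__ == "__main__":
    for f in flag_access_changes(SAMPLE_LOG):
        print(f"[{f.severity}] ts={f.timestamp} user={f.user} from={f.source} "
              f"role={f.role}: {f.reason} :: {f.operation}")
```

On the constructed sample the script produces three findings: the two self-grants by `analyst` are HIGH, the administrator's change to `etl` is LOW, and the ordinary `GRANT SELECT` is ignored. In production you would feed it the audit-log files (or the tool that tails them) and route HIGH findings to an on-call channel; after upgrading to a fixed version such events should no longer be possible, so any that still appear deserve immediate investigation.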

CVE-2025-24860 is a serious issue for Apache Cassandra deployments that rely on CassandraNetworkAuthorizer or CassandraCIDRAuthorizer for isolation, because it lets an authenticated but restricted role bypass those controls and reach data it was never meant to see.

This incident highlights the importance of regularly updating systems and strengthening security measures.

The vulnerability was reported to the Apache Cassandra project by Stefan Miklosovic. The official advisory is published on the Apache Cassandra website and at cve.org.

If you are using Apache Cassandra, update your system immediately and implement additional security measures!
