{"vulnerability": "CVE-2025-26511", "sightings": [{"uuid": "9e9f87b6-c7af-43b4-b3a6-86bf25da8e94", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26511", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113997351988993753", "content": "", "creation_timestamp": "2025-02-13T15:45:48.214544Z"}, {"uuid": "1d81779b-fa8a-47bf-ac17-338f588d3495", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26511", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3li33mqcjga2h", "content": "", "creation_timestamp": "2025-02-13T16:17:36.549097Z"}, {"uuid": "fe593197-7e29-41d5-907f-d9a64c7fd999", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26511", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/113997600137162854", "content": "", "creation_timestamp": "2025-02-13T16:48:56.595265Z"}, {"uuid": "cac82f28-ea8f-49b9-9e1c-e16c734b6cd4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26511", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3li373uczax2z", "content": "", "creation_timestamp": "2025-02-13T17:19:45.353037Z"}, {"uuid": "1440dd8f-5694-4666-8600-3dcd93ce8770", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26511", "type": "seen", "source": "MISP/db121278-a8f5-4f36-a226-e45f3a86f55e", "content": "", "creation_timestamp": "2025-08-26T13:26:33.000000Z"}, {"uuid": "9dbdbdda-2ddd-4765-9668-5939533e3bd8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26511", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/4386", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-26511\n\ud83d\udd25 CVSS Score: 8.7 (CVSS_V3)\n\ud83d\udd39 Description: **Summary / Details**\nSystems running the Instaclustr fork of Stratio's Cassandra-Lucene-Index plugin versions 4.0-rc1-1.0.0 through 4.0.16-1.0.0 and 4.1.0-1.0.0 through 4.1.8-1.0.0, installed into Apache Cassandra version 4.x, are susceptible to a vulnerability which when successfully exploited could allow authenticated Cassandra users to remotely bypass RBAC to access data and and escalate their privileges. \n\n**Affected Versions**\n- Cassandra-Lucene-Index plugin versions 4.0-rc1-1.0.0 through 4.0.16-1.0.0 \n- versions 4.1.0-1.0.0 through 4.1.8-1.0.0\nwhen installed into Apache Cassandra version 4.x.\n\n**Required Configuration for Exploit**\nThese are the conditions required to enable exploit:\n1. Cassandra 4.x\n2. Vulnerable version of the Cassandra-Lucene-Index plugin configured for use\n3. Data added to tables\n4. Lucene index created\n5. Cassandra flush has run\n\n**Mitigation/Prevention**\nMitigation requires dropping all Lucene indexes and stopping use of the plugin. Exploit will be possible any time the required conditions are met.\n\n**Solution**\nUpgrade to a fixed version of the Cassandra-Lucene-Index plugin.  \nReview users in Cassandra to validate all superuser privileges.\n\ud83d\udccf Published: 2025-02-13T17:16:27Z\n\ud83d\udccf Modified: 2025-02-14T00:32:57Z\n\ud83d\udd17 References:\n1. https://github.com/instaclustr/cassandra-lucene-index/security/advisories/GHSA-mrqp-q7vx-v2cx\n2. https://nvd.nist.gov/vuln/detail/CVE-2025-26511\n3. https://github.com/instaclustr/cassandra-lucene-index/commit/94380b165bd3e597d3e22e47f8cc674ec7c7bf7f\n4. https://github.com/instaclustr/cassandra-lucene-index", "creation_timestamp": "2025-02-14T01:13:03.000000Z"}, {"uuid": "85cb5b10-2ac4-497b-9d31-807e56448d54", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26511", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/4277", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-26511\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: 2025-02-13T16:16:50.270\n\ud83d\udccf Modified: N/A\n\ud83d\udd17 References:\n1. https://github.com/instaclustr/cassandra-lucene-index/security/advisories/GHSA-mrqp-q7vx-v2cx", "creation_timestamp": "2025-02-13T17:12:16.000000Z"}, {"uuid": "35e9980a-edda-4efa-bb1e-b6a18d5100b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26511", "type": "seen", "source": "https://t.me/cvedetector/18023", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-26511 - Incastlustr Cassandra-Lucene-Index Plugin Privilege Escalation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-26511 \nPublished : Feb. 13, 2025, 4:16 p.m. | 1\u00a0hour, 24\u00a0minutes ago \nDescription : Systems running the Instaclustr   \nfork of Stratio's Cassandra-Lucene-Index plugin versions 4.0-rc1-1.0.0   \nthrough 4.0.16-1.0.0 and 4.1.2-1.0.0 through 4.1.8-1.0.0, installed into  \n Apache Cassandra version 4.x, are susceptible to a vulnerability which   \nwhen successfully exploited could allow authenticated Cassandra users to  \n remotely bypass RBAC and escalate their privileges. \nSeverity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-13T18:50:28.000000Z"}, {"uuid": "877f0bb3-9bc6-4b86-912f-954ab9445a62", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26511", "type": "seen", "source": "Telegram/pxvpnGt6nOl9WDYDx-IwgmgmsJS830JRpOM-0ZAytHYRW6eW", "content": "", "creation_timestamp": "2025-02-14T10:09:24.000000Z"}]}