Backstage: Information Disclosure via Conditional Decisions in Scaffolder Plugin

In Backstage Scaffolder plugin (permissions backend) a medium severity vulnerability CVE-2025-32791 was detected. This vulnerability allows callers to extract limited information about the conditional decisions returned by the installed permission policy in the permission backend, though there is no impact if the permission system is disabled or the policy does not use conditional decisions. To address this issue, users should upgrade Backstage Scaffolder plugin to version 0.6.0 of the permissions backend. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-32791.