CNNVD-202507-2055 Information
CNNVD ID
CNNVD-202507-2055
Related CVE
- CNNVD Published: 2025-07-15
Description (Chinese)
ZITADEL是瑞士ZITADEL开源的一个 Auth0、Firebase Auth、AWS Cognito 以及为容器和无服务器时代构建的 Keycloak 的现代开源替代方案。 ZITADEL 4.0.0-rc.2版本、3.3.2版本、2.71.13版本和2.70.14之前版本存在安全漏洞,该漏洞源于缺少权限检查,可能导致会话劫持。
Description (English)
ZITADEL is a modern open source alternative to Auth0, Firebase Auth, AWS Cognito and Keycloak built in the age of packagings and servers. ZITADEL Version 4.0.0-rc.2, Version 3.3.2, Version 2.71.13 and previous versions 2.70.14 contain a security loophole, which stems from the lack of access checks and may lead to the hijacking of conversations.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
ZITADEL
Published
2025-07-15
Last Modified
2026-02-24
References
https://github.com/zitadel/zitadel/releases/tag/v4.0.0-rc.2 https://github.com/zitadel/zitadel/releases/tag/v3.3.2 https://github.com/zitadel/zitadel/security/advisories/GHSA-6c5p-6www-pcmr https://github.com/zitadel/zitadel/releases/tag/v2.71.13 https://github.com/zitadel/zitadel/releases/tag/v2.70.14 https://nvd.nist.gov/vuln/detail/CVE-2025-53895
Patch
https://github.com/zitadel/zitadel/releases
Share on: