CNNVD-202508-2706 Information
CNNVD ID
CNNVD-202508-2706
Related CVE
- CNNVD Published: 2025-08-22
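Description (translated from Chinese)
ZITADEL is an open-source project from the Swiss company ZITADEL: a modern open-source alternative to Auth0, Firebase Auth, AWS Cognito and Keycloak, built for the container and serverless era. ZITADEL versions 4.0.0 through 4.0.2, 3.0.0 through 3.3.6, and versions prior to 2.71.15 contain a security vulnerability that stems from a username enumeration issue in the login interface.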
Description (English)
ZITADEL is a modern open source alternative to Auth0, Firebase Auth, AWS Cognito and Keycloak, built for the container and serverless era. ZITADEL 4.0.0 to 4.0.2, 3.0.0 to 3.3.6 and versions prior to 2.71.15 contain a security vulnerability, which stems from a username enumeration issue in the login interface.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
ZITADEL
Published
2025-08-22
Last Modified
2026-02-24
References
https://zitadel.com/docs/self-hosting/manage/production#limits-and-quotas
https://github.com/zitadel/zitadel/security/advisories/GHSA-g9c3-xh6v-fr86
https://github.com/zitadel/zitadel/releases/tag/v4.0.3
https://github.com/zitadel/zitadel/releases/tag/v3.4.0
https://github.com/zitadel/zitadel/releases/tag/v2.71.15
https://github.com/zitadel/zitadel/commit/7abe759c95cb360524d88b51744d03cbb6e4dcdb
https://access.redhat.com/security/cve/cve-2025-57770
https://nvd.nist.gov/vuln/detail/CVE-2025-57770
Patch
https://github.com/zitadel/zitadel/releases