CNNVD-202510-3961 Information
CNNVD ID
CNNVD-202510-3961
Related CVE
- CNNVD Published: 2025-10-29
Description (Chinese)
ZITADEL是瑞士ZITADEL开源的一个 Auth0、Firebase Auth、AWS Cognito 以及为容器和无服务器时代构建的 Keycloak 的现代开源替代方案。 ZITADEL 2.53.6版本、2.54.3版本和2.55.0版本存在安全漏洞,该漏洞源于未强制要求多因素认证,可能导致攻击者绕过密码验证并仅针对TOTP代码进行攻击。
Description (English)
ZITADEL is a modern open source alternative to Auth0, Firebase Auth, AWS Cognito and Keycloak built in the age of packagings and servers. ZITADEL Versions 2.53.6, 2.54.3 and 2.55.0 have a security loophole, which stems from the failure to enforce multiple-factor authentication, which may lead the attackers to bypass password authentication and attack only against TOTP code.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
ZITADEL
Published
2025-10-29
Last Modified
2026-02-24
References
https://github.com/zitadel/zitadel/security/advisories/GHSA-cfjq-28r2-4jv5 https://github.com/zitadel/zitadel/commit/b284f8474eed0cba531905101619e7ae7963156b https://access.redhat.com/security/cve/cve-2025-64103
Patch
https://github.com/zitadel/zitadel/releases
Share on: