CNNVD-202511-1594 Information
CNNVD ID
CNNVD-202511-1594
Related CVE
- CNNVD Published: 2025-11-13
Description (Chinese)
ZITADEL是瑞士ZITADEL开源的一个 Auth0、Firebase Auth、AWS Cognito 以及为容器和无服务器时代构建的 Keycloak 的现代开源替代方案。 ZITADEL 2.50.0版本至2.71.19版本、3.4.4版本和4.6.6版本之前存在授权问题漏洞,该漏洞源于联合过程存在漏洞,可能导致账户接管。
Description (English)
ZITADEL is a modern open source alternative to Auth0, Firebase Auth, AWS Cognito and Keycloak built in the age of packagings and servers. ZITADEL 2.5.0.0 to 2.71.19, 3.4.4 and 4.6.6 had a gap in delegation of authority prior to that point, which stemmed from a gap in the joint process that could lead to the taking over of the account.
Hazard Level
High
Vulnerability Type
授权问题
Affected Vendor
ZITADEL
Published
2025-11-13
Last Modified
2026-02-24
References
https://github.com/zitadel/zitadel/releases/tag/v4.6.6 https://github.com/zitadel/zitadel/releases/tag/v2.71.19 https://github.com/zitadel/zitadel/releases/tag/v3.4.4 https://github.com/zitadel/zitadel/security/advisories/GHSA-j4g7-v4m4-77px https://access.redhat.com/security/cve/cve-2025-64717
Patch
https://github.com/zitadel/zitadel/releases
Share on: