CNNVD-202511-780 Information
CNNVD ID
CNNVD-202511-780
Related CVE
- CNNVD Published: 2025-11-07
Description (Chinese)
ZITADEL是瑞士ZITADEL开源的一个 Auth0、Firebase Auth、AWS Cognito 以及为容器和无服务器时代构建的 Keycloak 的现代开源替代方案。 ZITADEL 4.0.0-rc.1版本至4.6.2版本存在安全漏洞,该漏洞源于V2Beta API存在不安全的直接对象引用,可能导致组织间数据被访问和修改。
Description (English)
ZITADEL is a modern open source alternative to Auth0, Firebase Auth, AWS Cognito and Keycloak built in the age of packagings and servers. ZITADEL Versions 4.0.0-rc.1 to 4.6.2 contain a security loophole, which stems from the presence of unsafe direct reference to V2 Beta API, which may lead to inter-organizational data being accessed and modified.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
ZITADEL
Published
2025-11-07
Last Modified
2026-02-24
References
https://github.com/zitadel/zitadel/commit/8dcfff97ed52a8b9fc77ecb1f972744f42cff3ed https://github.com/zitadel/zitadel/releases/tag/v4.6.3 https://github.com/zitadel/zitadel/security/advisories/GHSA-cpf4-pmr4-w6cx https://access.redhat.com/security/cve/cve-2025-64431
Patch
https://github.com/zitadel/zitadel/releases
Share on: