CNNVD-202512-2252 Information
Dec 11, 2025
CNNVD ID
CNNVD-202512-2252
Related CVE
- CNNVD Published: 2025-12-11
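Description (Chinese, translated)
ZITADEL is a modern open source alternative to Auth0, Firebase Auth, AWS Cognito and Keycloak, built for the container and serverless era and open-sourced by ZITADEL of Switzerland. ZITADEL versions 2.44.0 through 3.4.4 and 4.0.0-rc.1 through 4.7.1 contain a security vulnerability that stems from disclosing the total number of users of the instance to authenticated users, which may lead to information disclosure.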
Description (English)
ZITADEL is a modern open source alternative to Auth0, Firebase Auth, AWS Cognito and Keycloak, built for the container and serverless era. ZITADEL versions 2.44.0 to 3.4.4 and 4.0.0-rc.1 to 4.7.1 contain a security vulnerability: the total number of users of the instance is disclosed to authenticated users, which may lead to information disclosure.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
ZITADEL
Published
2025-12-11
Last Modified
2026-02-24
References
https://github.com/zitadel/zitadel/commit/826039c6208fe71df57b3a94c982b5ac5b0af12c
https://github.com/zitadel/zitadel/security/advisories/GHSA-f4cf-9rvr-2rcx