CVE-2025-32357

Medium CVSS: 4.3

In Zammad 6.4.x before 6.4.2, an authenticated agent with knowledge base permissions was able to use the Zammad API to fetch knowledge base content that they have no permission for.

Vendor

Zammad

Product

Zammad

CWE

CWE-288

Yayın Tarihi

2025-04-05 21:15:39

Güncelleme

2025-04-15 16:37:00

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-288 Zammad MEDIUM Zammad 2025

Referanslar

https://zammad.com/en/advisories/zaa-2025-04

Benzer Kayıtlar

Medium

CVE-2025-32358

In Zammad 6.4.x before 6.4.2, SSRF can occur. Authenticated admin users can enable webhooks in Zammad, which are trigger…

Medium

CVE-2025-32359

In Zammad 6.4.x before 6.4.2, there is client-side enforcement of server-side security. When changing their two factor a…

Medium

CVE-2025-32360

In Zammad 6.4.x before 6.4.2, there is information exposure. Only agents should be able to see and work on shared articl…