CVE-2025-32359

Medium CVSS: 4.8

In Zammad 6.4.x before 6.4.2, there is client-side enforcement of server-side security. When changing their two factor authentication configuration, users need to re-authenticate with their current password first. However, this change was enforced in Zammad only on the front end level, and not when using the API directly.

Vendor

Zammad

Product

Zammad

CWE

CWE-602

Yayın Tarihi

2025-04-05 21:15:40

Güncelleme

2025-04-15 15:31:20

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-602 Zammad MEDIUM Zammad 2025

Referanslar

https://zammad.com/en/advisories/zaa-2025-02

Benzer Kayıtlar

Medium

CVE-2025-32358

In Zammad 6.4.x before 6.4.2, SSRF can occur. Authenticated admin users can enable webhooks in Zammad, which are trigger…

Medium

CVE-2025-32360

In Zammad 6.4.x before 6.4.2, there is information exposure. Only agents should be able to see and work on shared articl…

Medium

CVE-2025-32357

In Zammad 6.4.x before 6.4.2, an authenticated agent with knowledge base permissions was able to use the Zammad API to f…