CVE-2025-67717

Medium CVSS: 5.3

ZITADEL is an open-source identity infrastructure tool. Versions 2.44.0 through 3.4.4 and 4.0.0-rc.1 through 4.7.1 disclose the total number of instance users to authenticated users, regardless of their specific permissions. While this does not leak individual user data or PII, disclosing the total user count via the totalResult field constitutes an information disclosure vulnerability that may be sensitive in certain contexts. This issue is fixed in versions 3.4.5 and 4.7.2.

Vendor

Zitadel

Product

Zitadel

CWE

CWE-497

Yayın Tarihi

2025-12-11 01:16:01

Güncelleme

2026-02-02 15:10:37

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-497 Zitadel MEDIUM Zitadel 2025

Referanslar

https://github.com/zitadel/zitadel/commit/826039c6208fe71df57b3a94c982b5ac5b0af12c https://github.com/zitadel/zitadel/security/advisories/GHSA-f4cf-9rvr-2rcx

Benzer Kayıtlar

Medium

CVE-2026-33132

ZITADEL is an open source identity management platform. Versions prior to 3.4.9 and 4.0.0 through 4.12.2 allowed users t…

High

CVE-2026-32132

ZITADEL is an open source identity management platform. Prior to 3.4.8 and 4.12.2, a potential vulnerability exists in Z…

High

CVE-2026-32130

ZITADEL is an open source identity management platform. From 2.68.0 to before 3.4.8 and 4.12.2, Zitadel provides a Syste…

High

CVE-2026-32131

ZITADEL is an open source identity management platform. Prior to 3.4.8 and 4.12.2, a vulnerability in Zitadel's Manageme…

Critical

CVE-2026-29191

ZITADEL is an open source identity management platform. From version 4.0.0 to 4.11.1, a vulnerability in Zitadel's login…

High

CVE-2026-29192

ZITADEL is an open source identity management platform. From version 4.0.0 to 4.11.1, a vulnerability in Zitadel's login…