CVE-2025-7974

High CVSS: 7.5

rocket.chat Incorrect Authorization Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of rocket.chat. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the web service, which listens on TCP port 3000 by default. The issue results from incorrect authorization. An attacker can leverage this vulnerability to disclose information in the context of the application. Was ZDI-CAN-26517.

Vendor

Rocket.chat

Product

Rocket.chat

CWE

CWE-863

Yayın Tarihi

2025-09-02 20:15:37

Güncelleme

2026-01-27 18:39:15

Source Identifier

zdi-disclosures@trendmicro.com

KEV Date Added

Kategoriler

CWE-863 Rocket.chat HIGH Rocket.chat 2025

Referanslar

https://www.zerodayinitiative.com/advisories/ZDI-25-627/

Benzer Kayıtlar

Medium

CVE-2026-30833

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to versions 7.10.8, 7.11.5, 7.1…

High

CVE-2026-30831

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to versions 7.10.8, 7.11.5, 7.1…

Critical

CVE-2026-28514

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to versions 7.8.6, 7.9.8, 7.10.…

High

CVE-2026-23477

Rocket.Chat is an open-source, secure, fully customizable communications platform. In Rocket.Chat versions up to 6.12.0,…

Medium

CVE-2025-5892

A vulnerability, which was classified as problematic, has been found in RocketChat up to 7.6.1. This issue affects the f…