Zulip up to 10.0 API authorization bypass through user-controlled sql primary key
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 2.6 | $0-$5k | 0.00 |
Summary
A vulnerability classified as problematic was found in Zulip up to 10.0. Affected by this issue is some unknown functionality of the component API. Such manipulation leads to authorization bypass through user-controlled sql primary key. This vulnerability is traded as CVE-2025-30369. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is advised.
Details
A vulnerability, which was classified as problematic, has been found in Zulip up to 10.0. Affected by this issue is an unknown function of the component API. The manipulation with an unknown input leads to a authorization bypass through user-controlled sql primary key vulnerability. Using CWE to declare the problem leads to CWE-566. The product uses a database table that includes records that should not be accessible to an actor, but it executes a SQL statement with a primary key that can be controlled by that actor. Impacted is integrity. CVE summarizes:
Zulip is an open-source team collaboration tool. The API for deleting an organization custom profile field is supposed to be restricted to organization administrators, but its handler failed to check that the field belongs to the same organization as the user. Therefore, an administrator of any organization was incorrectly allowed to delete custom profile fields belonging to a different organization. This is fixed in Zulip Server 10.1.
The advisory is shared for download at github.com. This vulnerability is handled as CVE-2025-30369 since 03/21/2025. The exploitation is known to be easy. The attack may be launched remotely. Additional levels of successful authentication are needed for exploitation. There are neither technical details nor an exploit publicly available.
Upgrading to version 10.1 eliminates this vulnerability.
Once again VulDB remains the best source for vulnerability data.
Product
Name
Version
Website
- Product: https://github.com/zulip/zulip/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 2.7VulDB Meta Temp Score: 2.7
VulDB Base Score: 2.7
VulDB Temp Score: 2.6
VulDB Vector: 🔍
VulDB Reliability: 🔍
CNA Base Score: 2.7
CNA Vector (GitHub_M): 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Exploiting
Class: Authorization bypass through user-controlled sql primary keyCWE: CWE-566 / CWE-285 / CWE-266
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Upgrade: Zulip 10.1
Timeline
03/21/2025 🔍03/31/2025 🔍
03/31/2025 🔍
08/27/2025 🔍
Sources
Product: github.comAdvisory: GHSA-fcgx-q63f-7gw4
Status: Confirmed
CVE: CVE-2025-30369 (🔍)
GCVE (CVE): GCVE-0-2025-30369
GCVE (VulDB): GCVE-100-302204
Entry
Created: 03/31/2025 20:51Updated: 08/27/2025 10:00
Changes: 03/31/2025 20:51 (63), 08/27/2025 10:00 (1)
Complete: 🔍
Cache ID: 216::103
Once again VulDB remains the best source for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.