- Description: The open-source identity infrastructure software Zitadel allows administrators to disable user self-registration. ZITADEL's Admin API contains Insecure Direct Object Reference (IDOR) vulnerabilities that allow authenticated users, without specific IAM roles, to modify sensitive settings. While several endpoints are affected, the most critical vulnerability lies in the ability to manipulate LDAP configurations. Customers who do not use LDAP for authentication are not at risk from the most severe aspects of this vulnerability. However, upgrading to the patched version to address all identified issues is strongly recommended. This vulnerability is fixed in 2.71.0, 2.70.1, 2.69.4, 2.68.4, 2.67.8, 2.66.11, 2.65.6, 2.64.5, and 2.63.8.
- Source: security-advisories@github.com
- NVD status: Received
CVSS 3.1
- Type: Secondary
- Base score: 9
- Impact score: 6
- Exploitability score: 2.3
- Vector string: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L
- Severity: CRITICAL
- CWE (source: security-advisories@github.com): CWE-639
- Hype score: Not currently trending
#VulnAlert 🚨 CVE-2025-27507 (CVSS 9.0) 🚨 IDOR (Insecure Direct Object Reference) in Zitadel. Critical vulnerability that amounts to account takeover. 👀 Dork: HUNTER : https://t.co/hGGK7zQHHF="Zitadel" More information: https://t.co/XXoXgY2xm5
@Cyph3R_CyberSec
12 Mar 2025
🚨 Alert 🚨 CVE-2025-27507 (CVSS 9.0): Zitadel Insecure Direct Object Reference (IDOR) Vulnerability 📊 2.8K+ services are found on https://t.co/ysWb28Crld yearly. 🔗 Hunter Link: https://t.co/kQYrJwjd6T 👇 Query HUNTER : https://t.co/q9rtuGgxk7="Zitadel"… https://t.co/mBMuEwxQi9 h
@HunterMapping
6 Mar 2025
🚨 CVE-2025-27507 ⚠️🔴 CRITICAL (9) 🏢 zitadel - zitadel 🏗️ >= 2.63.0-rc.1, < 2.63.8 🔗 https://t.co/eFJebzgnm9 🔗 https://t.co/rLFBobhRQ5 #CyberCron #VulnAlert #InfoSec https://t.co/8AsBxHuaMl
@cybercronai
6 Mar 2025
CVE-2025-27507 IDOR Vulnerability in Zitadel Admin API Enables Unauthorized LDAP Configuration Modification https://t.co/AXs5QYb5w7
@VulmonFeeds
4 Mar 2025
[CVE-2025-27507: CRITICAL] ZITADEL's Admin API has IDOR vulnerabilities, particularly affecting LDAP configurations. Upgrading to patched versions like 2.71.0 is recommended to address these cyber security risks. #cybersecurity #vulnerability https://t.co/XJVzr3neOC https://t.co/G
@CveFindCom
4 Mar 2025