Executive Summary

Informations
Name CVE-2025-30368 First vendor Publication 2025-03-31
Vendor Cve Last vendor Modification 2025-04-01

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score N/A Attack Range N/A
Cvss Impact Score N/A Attack Complexity N/A
Cvss Expoit Score N/A Authentication N/A
Calculate full CVSS 2.0 Vectors scores

Detail

Zulip is an open-source team collaboration tool. The API for deleting an organization export is supposed to be restricted to organization administrators, but its handler failed to check that the field belongs to the same organization as the user. Therefore, an administrator of any organization was incorrectly allowed to delete an export of a different organization. This is fixed in Zulip Server 10.1.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30368

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-566 Access Control Bypass Through User-Controlled SQL Primary Key

Sources (Detail)

https://github.com/zulip/zulip/commit/07dcee36b2a34d63429d7a706f880628cf3433df
https://github.com/zulip/zulip/security/advisories/GHSA-rmhr-5ffq-qcrc
https://zulip.readthedocs.io/en/latest/overview/changelog.html#zulip-server-10-1
Source Url

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2025-05-27 02:56:28
  • First insertion