CVE-2025-57770 ZITADEL user enumeration vulnerability in login UI

The open-source identity infrastructure software Zitadel allows administrators to disable the user self-registration. Versions 4.0.0 to 4.0.2, 3.0.0 to 3.3.6, and all versions prior to 2.71.15 are vulnerable to a username enumeration issue in the login interface. The login UI includes a security...

PT-2025-34464 · Zitadel · Zitadel

Name of the Vulnerable Software and Affected Versions: Zitadel versions 4.0.0 through 4.0.2 Zitadel versions 3.0.0 through 3.3.6 Zitadel versions prior to 2.71.15 Description: Zitadel allows administrators to disable user self-registration. A username enumeration issue exists in the login interfa...