3 matches found
CVE-2025-32359
creationtimestamp| type| source ---|---|--- 2025-04-05 21:37:52+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/10612 2025-04-06 01:07:12+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lm4aykf7sx2q 2025-04-06 01:46:44+00:00| seen| https://t.me/cvedetector/22198...
CVE-2025-32359
The CVE-2025-32359 entry concerns Zammad 6.4.x prior to 6.4.2, where a security check (re-authentication with the current password when changing two-factor authentication settings) is enforced only on the front end and not when calls are made via the API. Affected software: Zammad 6.4.0–6.4.1 (6....
CVE-2025-32359
In Zammad 6.4.x before 6.4.2, there is client-side enforcement of server-side security. When changing their two factor authentication configuration, users need to re-authenticate with their current password first. However, this change was enforced in Zammad only on the front end level, and not wh...