
9 matches found

SUSE CVE, added 2025/10/21 11:32 p.m., 3 views

SUSE CVE-2025-10678

NetBird VPN when installed using vendor's provided script failed to remove or change default password of an admin account created by ZITADEL. This issue affects instances installed using vendor's provided script. This issue may affect instances created with Docker if the default password was not...

CVSS 9.3 | AI score 7.1 | EPSS 0.00068 | Exploits 0 | References 3
RedhatCVE, added 2025/10/21 4:31 p.m., 4 views

CVE-2025-10678

NetBird VPN when installed using vendor's provided script failed to remove or change default password of an admin account created by ZITADEL. This issue affects instances installed using vendor's provided script. This issue may affect instances created with Docker if the default password was not...

CVSS 9.3 | AI score 7 | EPSS 0.00068 | Exploits 0 | References 1
EUVD, added 2025/10/20 6:30 p.m., 2 views

EUVD-2025-35061

NetBird VPN does not remove the default password of an admin account...

CVSS 9.3 | AI score 6.5 | EPSS 0.00068 | Exploits 0 | References 4
OSV, added 2025/03/10 8:41 p.m., 5 views

GO-2025-3499 IDOR Vulnerabilities in ZITADEL's Admin API that Primarily Impact LDAP Configurations in github.com/zitadel/zitadel

IDOR Vulnerabilities in ZITADEL's Admin API that Primarily Impact LDAP Configurations in github.com/zitadel/zitadel. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive...

CVSS 9 | AI score 9 | EPSS 0.00274 | Exploits 0 | References 12
Veracode, added 2025/03/10 8:21 a.m., 7 views

Insecure Direct Object Reference (IDOR)

github.com/zitadel/zitadel is vulnerable to Insecure Direct Object Reference IDOR. The vulnerability is due to insufficient access control in the Admin API, allowing authenticated users without specific IAM roles to modify sensitive settings...

CVSS 9 | AI score 6.7 | EPSS 0.00274 | Exploits 0 | References 17 | Affected Software 1
Github Security Blog, added 2025/03/04 4:43 p.m., 24 views

IDOR Vulnerabilities in ZITADEL's Admin API that Primarily Impact LDAP Configurations

Summary ZITADEL's Admin API contains Insecure Direct Object Reference IDOR vulnerabilities that allow authenticated users, without specific IAM roles, to modify sensitive settings. While several endpoints are affected, the most critical vulnerability lies in the ability to manipulate LDAP...

CVSS 9 | AI score 7.1 | EPSS 0.00274 | Exploits 0 | References 14 | Affected Software 2
OSV, added 2025/03/04 4:43 p.m., 8 views

GHSA-F3GH-529W-V32X IDOR Vulnerabilities in ZITADEL's Admin API that Primarily Impact LDAP Configurations

Summary ZITADEL's Admin API contains Insecure Direct Object Reference IDOR vulnerabilities that allow authenticated users, without specific IAM roles, to modify sensitive settings. While several endpoints are affected, the most critical vulnerability lies in the ability to manipulate LDAP...

CVSS 9 | AI score 6.9 | EPSS 0.00274 | Exploits 0 | References 14
CVE, added 2025/03/04 4:43 p.m., 163 views

CVE-2025-27507

Summary: CVE-2025-27507 concerns IDOR flaws in Zitadel’s Admin API that authenticated users (without specific IAM roles) can exploit to modify sensitive settings, with the most critical impact on LDAP configurations. The vulnerability enables manipulation of LDAP-related endpoints (notably /idps/...

CVSS 9 | AI score 9.3 | EPSS 0.00274 | Exploits 0 | References 2 | Affected Software 1
Cvelist, added 2025/03/04 4:43 p.m., 22 views

CVE-2025-27507 IDOR Vulnerabilities in ZITADEL's Admin API that Primarily Impact LDAP Configurations

The open-source identity infrastructure software Zitadel allows administrators to disable the user self-registration. ZITADEL's Admin API contains Insecure Direct Object Reference IDOR vulnerabilities that allow authenticated users, without specific IAM roles, to modify sensitive settings. While...

CVSS 9 | EPSS 0.00274 | Exploits 0 | References 2