id: GO-2025-3499
modules:
    - module: github.com/zitadel/zitadel
      non_go_versions:
        - fixed: 2.63.8
        - introduced: 2.64.0
          fixed: 2.64.5
        - introduced: 2.65.0
          fixed: 2.65.6
        - introduced: 2.66.0
          fixed: 2.66.11
        - introduced: 2.67.0
          fixed: 2.67.8
        - introduced: 2.68.0
          fixed: 2.68.4
        - introduced: 2.69.0
          fixed: 2.69.4
        - introduced: 2.70.0
          fixed: 2.70.1
      vulnerable_at: 1.87.5
summary: |-
    IDOR Vulnerabilities in ZITADEL's Admin API that Primarily Impact LDAP
    Configurations in github.com/zitadel/zitadel
cves:
    - CVE-2025-27507
ghsas:
    - GHSA-f3gh-529w-v32x
references:
    - advisory: https://github.com/zitadel/zitadel/security/advisories/GHSA-f3gh-529w-v32x
    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2025-27507
    - fix: https://github.com/zitadel/zitadel/commit/d9d8339813f1c43d3eb7d8d80f11fdabb2fd2ee4
    - web: https://github.com/zitadel/zitadel/releases/tag/v2.63.8
    - web: https://github.com/zitadel/zitadel/releases/tag/v2.64.5
    - web: https://github.com/zitadel/zitadel/releases/tag/v2.65.6
    - web: https://github.com/zitadel/zitadel/releases/tag/v2.66.11
    - web: https://github.com/zitadel/zitadel/releases/tag/v2.67.8
    - web: https://github.com/zitadel/zitadel/releases/tag/v2.68.4
    - web: https://github.com/zitadel/zitadel/releases/tag/v2.69.4
    - web: https://github.com/zitadel/zitadel/releases/tag/v2.70.1
    - web: https://github.com/zitadel/zitadel/releases/tag/v2.71.0
source:
    id: GHSA-f3gh-529w-v32x
    created: 2025-03-05T11:00:25.005047-05:00
review_status: UNREVIEWED