PT-2025-15070 · Zammad · Zammad
Published 2025-04-05 · Updated 2025-04-06
CVE-2025-32357
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Zammad versions 6.4.0 through 6.4.1
Description
The issue allows an authenticated agent with knowledge base permissions to use the Zammad API to fetch knowledge base content that they have no permission for.
Recommendations
For versions 6.4.0 through 6.4.1, update to version 6.4.2 or later to resolve the issue.
Fix
LPE
Missing Authentication
Authentication Bypass Using an Alternate Path or Channel
Related Identifiers
Affected Products
Zammad