CVE-2025-7974

Name of the Vulnerable Software and Affected Versions rocket.chat (affected versions not specified)

Description This issue allows remote attackers to disclose sensitive information on affected installations of rocket.chat. Authentication is not required to exploit this issue. The flaw exists within the web service, listening on TCP port 3000 by default, and results from incorrect authorization. An attacker can leverage this to disclose information in the context of the application.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.