PT-2025-45383 · Zitadel · Zitadel

Published

2025-11-05

·

Updated

2025-11-17

·

CVE-2025-64431

CVSS v4.0

8.7

High

Vector AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: Zitadel versions 4.0.0-rc.1 through 4.6.2
Description: Zitadel is an open source identity management platform susceptible to Insecure Direct Object Reference (IDOR) attacks through its V2Beta API. Authenticated users with specific administrator roles within an organization can access and modify data belonging to other organizations. The affected data is limited to organization-level information, including name, domains, and metadata. No other data, such as users, projects, or applications, is impacted.
Recommendations: Update to version 4.6.3 or later.
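The description above characterises the bug class: the endpoint confirms that the caller holds an administrator role, but never ties the organisation ID supplied in the request to the organisation the caller is actually an administrator of. The Go example below is added here as an illustration of that pattern and is not Zitadel's code. It models a hypothetical organisation-rename handler in its vulnerable form beside a corrected one, plus a cross-tenant regression probe. The in-memory store, the org IDs org-a and org-b, the role name ORG_ADMIN and every function name are constructed assumptions and do not correspond to Zitadel's real API, roles or internals.

```go
package main

import (
	"errors"
	"fmt"
)

// Org holds the organisation-level data the advisory names as affected
// (name, domains, metadata). Constructed sample type, not Zitadel's model.
type Org struct {
	ID       string
	Name     string
	Domains  []string
	Metadata map[string]string
}

// Caller is what authentication establishes about a request: the organisation
// the user belongs to and the roles held there. Hypothetical shape.
type Caller struct {
	UserID string
	OrgID  string
	Roles  map[string]bool
}

// roleOrgAdmin is a hypothetical role name used only in this example.
const roleOrgAdmin = "ORG_ADMIN"

var (
	ErrPermissionDenied = errors.New("permission denied")
	ErrNotFound         = errors.New("organisation not found")
)

// OrgStore is an in-memory stand-in for the database, keyed by org ID.
type OrgStore map[string]*Org

// UpdateOrgNameVulnerable shows the IDOR pattern: the caller's role is checked,
// but the org ID taken from the request is never tied to the caller's own
// organisation, so an admin of org-a can rename org-b.
func (s OrgStore) UpdateOrgNameVulnerable(c Caller, targetOrgID, newName string) error {
	if !c.Roles[roleOrgAdmin] {
		return ErrPermissionDenied
	}
	org, ok := s[targetOrgID]
	if !ok {
		return ErrNotFound
	}
	org.Name = newName
	return nil
}

// UpdateOrgNameFixed binds the authorisation decision to the object being
// modified: the caller must hold the role in the organisation named by the
// request. Authorisation runs before the lookup, so a caller from another org
// receives the same "permission denied" whether or not the target ID exists
// and cannot use the endpoint to enumerate organisation IDs.
func (s OrgStore) UpdateOrgNameFixed(c Caller, targetOrgID, newName string) error {
	if err := authorizeOrgAdmin(c, targetOrgID); err != nil {
		return err
	}
	org, ok := s[targetOrgID]
	if !ok {
		return ErrNotFound
	}
	org.Name = newName
	return nil
}

// authorizeOrgAdmin is the object-level check the vulnerable handler lacks.
func authorizeOrgAdmin(c Caller, targetOrgID string) error {
	if c.OrgID != targetOrgID || !c.Roles[roleOrgAdmin] {
		return ErrPermissionDenied
	}
	return nil
}

// CrossTenantProbe is the regression check to keep in a test suite: it reports
// whether an administrator of org-a can rename org-b through the given
// handler, either because the call succeeds or because the stored name changed.
// A correct handler must make it return false.
func CrossTenantProbe(update func(Caller, string, string) error, store OrgStore) bool {
	attacker := Caller{UserID: "attacker", OrgID: "org-a", Roles: map[string]bool{roleOrgAdmin: true}}
	before := store["org-b"].Name
	err := update(attacker, "org-b", "renamed-by-org-a")
	return err == nil || store["org-b"].Name != before
}

// NewSampleStore builds two constructed organisations for the demonstration.
func NewSampleStore() OrgStore {
	return OrgStore{
		"org-a": {ID: "org-a", Name: "A Corp", Domains: []string{"a.example"}, Metadata: map[string]string{"tier": "gold"}},
		"org-b": {ID: "org-b", Name: "B Corp", Domains: []string{"b.example"}, Metadata: map[string]string{"tier": "silver"}},
	}
}

func main() {
	s := NewSampleStore()
	fmt.Println("vulnerable handler allows cross-tenant rename:", CrossTenantProbe(s.UpdateOrgNameVulnerable, s))
	s = NewSampleStore()
	fmt.Println("fixed handler allows cross-tenant rename:", CrossTenantProbe(s.UpdateOrgNameFixed, s))
}
```

The corrected handler makes two choices worth carrying into real code: the role check and the object ownership check are one decision (a role held in org-a grants nothing in org-b), and that decision runs before the record is fetched, so the error returned to a foreign caller does not distinguish "exists but not yours" from "does not exist".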

Exploit

Fix

IDOR

Weakness Enumeration

Related Identifiers

CVE-2025-64431
GHSA-CPF4-PMR4-W6CX
GO-2025-4099

Affected Products

Zitadel