PT-2025-50564 · Zitadel · Zitadel

Published 2025-12-10 · Updated 2026-01-06 · CVE-2025-67717

CVSS v4.0: 5.3 (Medium)
Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
ZITADEL versions 2.44.0 through 3.4.4
ZITADEL versions 4.0.0-rc.1 through 4.7.1

Description
ZITADEL, an open-source identity infrastructure tool, reveals the total number of instance users to authenticated users, irrespective of their permissions. This information disclosure occurs through the totalResult field. While individual user data or personally identifiable information (PII) is not exposed, disclosing the total user count may be sensitive in certain situations.

Recommendations
Update to ZITADEL version 3.4.5 or later.
Update to ZITADEL version 4.7.2 or later.
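As an added example (not part of the advisory or of the ZITADEL project), the following Python checks whether a deployed version string falls inside the two affected ranges stated above, using semver precedence so that the pre-release lower bound 4.0.0-rc.1 is handled correctly; the instance inventory is constructed and the names are hypothetical.

```python
import re
from typing import Dict, List, Tuple

# Affected ranges exactly as stated in the advisory (inclusive on both ends).
AFFECTED_RANGES: List[Tuple[str, str]] = [("2.44.0", "3.4.4"), ("4.0.0-rc.1", "4.7.1")]

_SEMVER_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+[0-9A-Za-z.-]+)?$")


def version_key(version: str) -> tuple:
    """Tuple that sorts by semver precedence: a release sorts after every
    pre-release of the same core version ("4.0.0-rc.1" < "4.0.0"), numeric
    pre-release fields compare numerically and below alphanumeric ones,
    and build metadata is ignored."""
    m = _SEMVER_RE.match(version.strip())
    if not m:
        raise ValueError(f"not a semantic version: {version!r}")
    core = tuple(int(m.group(i)) for i in (1, 2, 3))
    pre = m.group(4)
    if pre is None:
        return core + (1, ())  # release flag 1 beats the pre-release flag 0
    fields = tuple((0, int(f), "") if f.isdigit() else (1, 0, f) for f in pre.split("."))
    return core + (0, fields)


def is_affected(version: str) -> bool:
    """True if the version lies inside one of the advisory's affected ranges."""
    key = version_key(version)
    return any(version_key(lo) <= key <= version_key(hi) for lo, hi in AFFECTED_RANGES)


def audit(inventory: Dict[str, str]) -> Dict[str, bool]:
    """Map each instance in a {name: version} inventory to its affected flag."""
    return {name: is_affected(ver) for name, ver in inventory.items()}


# Constructed sample inventory (hypothetical instance names and versions).
SAMPLE_INVENTORY = {
    "idp-prod": "3.4.4",
    "idp-staging": "4.0.0-rc.1",
    "idp-dev": "v4.7.2",
    "idp-legacy": "2.43.0",
}

if __name__ == "__main__":
    for name, flagged in audit(SAMPLE_INVENTORY).items():
        print(f"{name}: {'AFFECTED, update per the advisory' if flagged else 'ok'}")
```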

Related Identifiers

CVE-2025-67717
GHSA-F4CF-9RVR-2RCX
GO-2025-4227
SUSE-SU-2026:0037-1

Affected Products

Zitadel