{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-46815", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2025-04-30T19:41:58.133Z", "datePublished": "2025-05-06T17:13:53.878Z", "dateUpdated": "2025-05-06T18:21:14.384Z"}, "containers": {"cna": {"title": "ZITADEL Allows IdP Intent Token Reuse", "problemTypes": [{"descriptions": [{"cweId": "CWE-613", "lang": "en", "description": "CWE-613: Insufficient Session Expiration", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-294", "lang": "en", "description": "CWE-294: Authentication Bypass by Capture-replay", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-384", "lang": "en", "description": "CWE-384: Session Fixation", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/zitadel/zitadel/security/advisories/GHSA-g4r8-mp7g-85fq", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/zitadel/zitadel/security/advisories/GHSA-g4r8-mp7g-85fq"}, {"name": "https://github.com/zitadel/zitadel/commit/b1e60e7398d677f08b06fd7715227f70b7ca1162", "tags": ["x_refsource_MISC"], "url": "https://github.com/zitadel/zitadel/commit/b1e60e7398d677f08b06fd7715227f70b7ca1162"}, {"name": "https://github.com/zitadel/zitadel/releases/tag/v2.70.10", "tags": ["x_refsource_MISC"], "url": "https://github.com/zitadel/zitadel/releases/tag/v2.70.10"}, {"name": "https://github.com/zitadel/zitadel/releases/tag/v2.71.9", "tags": ["x_refsource_MISC"], "url": "https://github.com/zitadel/zitadel/releases/tag/v2.71.9"}, {"name": "https://github.com/zitadel/zitadel/releases/tag/v3.0.0", "tags": ["x_refsource_MISC"], "url": "https://github.com/zitadel/zitadel/releases/tag/v3.0.0"}], "affected": [{"vendor": "zitadel", "product": "zitadel", "versions": [{"version": ">= 3.0.0-rc.1, < 3.0.0", "status": "affected"}, {"version": "< 2.70.10", "status": "affected"}, {"version": ">= 2.71.0, < 2.71.9", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-05-06T17:13:53.878Z"}, "descriptions": [{"lang": "en", "value": "The identity infrastructure software ZITADEL offers developers the ability to manage user sessions using the Session API. This API enables the use of IdPs for authentication, known as idp intents. Following a successful idp intent, the client receives an id and token on a predefined URI. These id and token can then be used to authenticate the user or their session. However, prior to versions 3.0.0, 2.71.9, and 2.70.10, it was possible to exploit this feature by repeatedly using intents. This allowed an attacker with access to the application\u2019s URI to retrieve the id and token, enabling them to authenticate on behalf of the user. It's important to note that the use of additional factors (MFA) prevents a complete authentication process and, consequently, access to the ZITADEL API. Versions 3.0.0, 2.71.9, and 2.70.10 contain a fix for the issue. No known workarounds other than upgrading are available."}], "source": {"advisory": "GHSA-g4r8-mp7g-85fq", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-06T18:20:59.907100Z", "id": "CVE-2025-46815", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-06T18:21:14.384Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-46815", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-05-06T18:20:59.907100Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-06T18:21:04.279Z"}}], "cna": {"title": "ZITADEL Allows IdP Intent Token Reuse", "source": {"advisory": "GHSA-g4r8-mp7g-85fq", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "zitadel", "product": "zitadel", "versions": [{"status": "affected", "version": ">= 3.0.0-rc.1, < 3.0.0"}, {"status": "affected", "version": "< 2.70.10"}, {"status": "affected", "version": ">= 2.71.0, < 2.71.9"}]}], "references": [{"url": "https://github.com/zitadel/zitadel/security/advisories/GHSA-g4r8-mp7g-85fq", "name": "https://github.com/zitadel/zitadel/security/advisories/GHSA-g4r8-mp7g-85fq", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/zitadel/zitadel/commit/b1e60e7398d677f08b06fd7715227f70b7ca1162", "name": "https://github.com/zitadel/zitadel/commit/b1e60e7398d677f08b06fd7715227f70b7ca1162", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/zitadel/zitadel/releases/tag/v2.70.10", "name": "https://github.com/zitadel/zitadel/releases/tag/v2.70.10", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/zitadel/zitadel/releases/tag/v2.71.9", "name": "https://github.com/zitadel/zitadel/releases/tag/v2.71.9", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/zitadel/zitadel/releases/tag/v3.0.0", "name": "https://github.com/zitadel/zitadel/releases/tag/v3.0.0", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "The identity infrastructure software ZITADEL offers developers the ability to manage user sessions using the Session API. This API enables the use of IdPs for authentication, known as idp intents. Following a successful idp intent, the client receives an id and token on a predefined URI. These id and token can then be used to authenticate the user or their session. However, prior to versions 3.0.0, 2.71.9, and 2.70.10, it was possible to exploit this feature by repeatedly using intents. This allowed an attacker with access to the application\u2019s URI to retrieve the id and token, enabling them to authenticate on behalf of the user. It's important to note that the use of additional factors (MFA) prevents a complete authentication process and, consequently, access to the ZITADEL API. Versions 3.0.0, 2.71.9, and 2.70.10 contain a fix for the issue. No known workarounds other than upgrading are available."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-613", "description": "CWE-613: Insufficient Session Expiration"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-294", "description": "CWE-294: Authentication Bypass by Capture-replay"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-384", "description": "CWE-384: Session Fixation"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-05-06T17:13:53.878Z"}}}, "cveMetadata": {"cveId": "CVE-2025-46815", "state": "PUBLISHED", "dateUpdated": "2025-05-06T18:21:14.384Z", "dateReserved": "2025-04-30T19:41:58.133Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2025-05-06T17:13:53.878Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The identity infrastructure software ZITADEL offers developers the ability to manage user sessions using the Session API. This API enables the use of IdPs for authentication, known as idp intents. Following a successful idp intent, the client receives an id and token on a predefined URI. These id and token can then be used to authenticate the user or their session. However, prior to versions 3.0.0, 2.71.9, and 2.70.10, it was possible to exploit this feature by repeatedly using intents. This allowed an attacker with access to the application\u2019s URI to retrieve the id and token, enabling them to authenticate on behalf of the user. It's important to note that the use of additional factors (MFA) prevents a complete authentication process and, consequently, access to the ZITADEL API. Versions 3.0.0, 2.71.9, and 2.70.10 contain a fix for the issue. No known workarounds other than upgrading are available."}, {"lang": "es", "value": "El software de infraestructura de identidad ZITADEL ofrece a los desarrolladores la posibilidad de gestionar sesiones de usuario mediante la API de sesi\u00f3n. Esta API permite el uso de proveedores de identidad (IdP) para la autenticaci\u00f3n, conocidos como intentos de IdP. Tras un intento de IdP exitoso, el cliente recibe un ID y un token en una URI predefinida. Estos ID y token pueden utilizarse para autenticar al usuario o su sesi\u00f3n. Sin embargo, antes de las versiones 3.0.0, 2.71.9 y 2.70.10, era posible explotar esta funci\u00f3n mediante el uso repetido de intentos. Esto permit\u00eda a un atacante con acceso a la URI de la aplicaci\u00f3n recuperar el ID y el token, lo que le permit\u00eda autenticarse en nombre del usuario. Es importante tener en cuenta que el uso de factores adicionales (MFA) impide un proceso de autenticaci\u00f3n completo y, en consecuencia, el acceso a la API de ZITADEL. Las versiones 3.0.0, 2.71.9 y 2.70.10 contienen una soluci\u00f3n para este problema. No se conocen workarounds aparte de la actualizaci\u00f3n."}], "id": "CVE-2025-46815", "lastModified": "2025-05-07T14:13:20.483", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 5.8, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2025-05-06T18:15:38.697", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/zitadel/zitadel/commit/b1e60e7398d677f08b06fd7715227f70b7ca1162"}, {"source": "security-advisories@github.com", "url": "https://github.com/zitadel/zitadel/releases/tag/v2.70.10"}, {"source": "security-advisories@github.com", "url": "https://github.com/zitadel/zitadel/releases/tag/v2.71.9"}, {"source": "security-advisories@github.com", "url": "https://github.com/zitadel/zitadel/releases/tag/v3.0.0"}, {"source": "security-advisories@github.com", "url": "https://github.com/zitadel/zitadel/security/advisories/GHSA-g4r8-mp7g-85fq"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-294"}, {"lang": "en", "value": "CWE-384"}, {"lang": "en", "value": "CWE-613"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}