CVE-2025-32357

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-32357

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-32357.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-32357

Published

2025-04-05T21:15:39.450Z

Modified

2026-03-12T20:18:45.095346Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

In Zammad 6.4.x before 6.4.2, an authenticated agent with knowledge base permissions was able to use the Zammad API to fetch knowledge base content that they have no permission for.

References

https://zammad.com/en/advisories/zaa-2025-04

Affected packages

Git / github.com/zammad/zammad

Affected ranges

Type

GIT

Repo

https://github.com/zammad/zammad

Events

Introduced

1f09f838a2c9e484bb4f47e1abeeca3d763d4e7d

Fixed

b775416be8964f23173fde0c64e2974ab6a1bb74

Database specific

{
    "versions": [
        {
            "introduced": "6.4.0"
        },
        {
            "fixed": "6.4.2"
        }
    ]
}

Affected versions

6.*

6.4.0

6.4.1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-32357.json"