CVE-2025-67717

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-67717

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-67717.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-67717

Aliases

Published

2025-12-11T00:30:19.192Z

Modified

2025-12-15T20:41:12.202405Z

Severity

5.3 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N CVSS Calculator

Summary

Zitadel Discloses the Total Number of Instance Users

Details

ZITADEL is an open-source identity infrastructure tool. Versions 2.44.0 through 3.4.4 and 4.0.0-rc.1 through 4.7.1 disclose the total number of instance users to authenticated users, regardless of their specific permissions. While this does not leak individual user data or PII, disclosing the total user count via the totalResult field constitutes an information disclosure vulnerability that may be sensitive in certain contexts. This issue is fixed in versions 3.4.5 and 4.7.2.

Database specific

{
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/67xxx/CVE-2025-67717.json",
    "cwe_ids": [
        "CWE-497"
    ]
}

References

Affected packages

Git / github.com/zitadel/zitadel

Affected ranges

Type

GIT

Repo

https://github.com/zitadel/zitadel

Events

Introduced

d3bb9c9b3b6091a58d4d831b0a494bd8518c3810

Fixed

e6b5f559f08a4b4a9d3d38aa5f9a31cfebf46d1b

Database specific

{
    "versions": [
        {
            "introduced": "2.44.0"
        },
        {
            "fixed": "3.4.5"
        }
    ]
}

Type

GIT

Repo

https://github.com/zitadel/zitadel

Events

Introduced

8f0b7ebf028187e84881694bb931cbe33604e308

Fixed

0e17d0005a98ccbf92139961ef702ef03208ffd3

Database specific

{
    "versions": [
        {
            "introduced": "4.0.0-rc.1"
        },
        {
            "fixed": "4.7.2"
        }
    ]
}

Affected versions

v2.*

v2.44.0

v2.44.1

v2.44.2

v2.45.0

v2.46.0

v2.47.0

v2.47.1

v2.47.2

v2.47.3

v2.47.4

v2.47.5

v2.47.6

v2.48.0

v2.48.1

v2.48.2

v2.48.3

v2.49.0

v2.49.1

v2.49.2

v2.49.3

v2.50.0

v2.50.1

v2.50.2

v2.50.3

v2.50.4

v2.50.5

v2.51.0

v2.51.1

v2.51.2

v2.51.3

v2.51.4

v2.52.0

v2.52.0-rc.1

v2.52.0-rc.2

v2.52.1

v2.53.0

v2.53.0-rc.1

v2.53.1

v2.53.2

v2.54.0

v2.54.1

v2.54.2

v2.54.3

v2.55.0

v2.55.0-rc.1

v2.55.1

v2.55.2

v2.56.0

v2.56.0-rc.1

v2.56.0-rc.2

v2.56.0-rc.3

v2.56.0-rc.4

v2.56.1

v2.57.0

v2.58.0

v2.58.1

v2.58.2

v2.58.3

v2.59.0

v2.59.1

v2.60.0

v2.61.0

v2.62.0

v2.62.1

v2.62.2

v2.62.3

v2.63.0

v2.63.1

v2.63.2

v2.63.3

v2.63.4

v2.64.0

v2.64.1

v2.65.0

v2.65.1

v2.65.2

v2.65.3

v2.65.4

v2.66.0

v2.66.1

v2.66.2

v2.66.3

v2.67.0

v2.67.1

v2.67.2

v2.67.3

v2.67.4

v2.68.0

v2.68.1

v2.69.0

v2.69.1

v2.69.2

v2.69.3

v2.70.0

v2.70.1

v2.71.0

v2.71.1

v2.71.2

v2.71.3

v2.71.4

v2.71.5

v2.71.6

v2.71.7

v2.71.8

v3.*

v3.0.0

v3.0.0-rc.1

v3.0.0-rc.2

v3.0.0-rc.3

v3.0.1

v3.0.2

v3.0.3

v3.0.4

v3.1.0

v3.2.0

v3.2.1

v3.2.2

v3.2.3

v3.3.0

v3.3.1

v3.3.2

v3.3.3

v3.3.4

v3.3.5

v3.3.6

v3.4.0

v3.4.1

v3.4.2

v3.4.3

v3.4.4

v4.*

v4.0.0

v4.0.0-rc.1

v4.0.0-rc.2

v4.0.0-rc.3

v4.0.0-rc.4

v4.0.1

v4.0.2

v4.0.3

v4.1.0

v4.1.1

v4.1.2

v4.1.3

v4.1.4

v4.2.0

v4.2.1

v4.2.2

v4.3.0

v4.3.1

v4.3.2

v4.3.3

v4.4.0

v4.5.0

v4.6.0

v4.6.1

v4.6.2

v4.6.3

v4.6.4

v4.6.5

v4.6.6

v4.7.0

v4.7.1