Vulnerability in Zulip
CVE-2025-30368
Zulip is an open-source team collaboration tool. The API for deleting an organization export is supposed to be restricted to organization administrators, but its handler failed to check that the field belongs to the same organization as th…
EPSS: 0.003 (49.6th percentile).
CVSS v3 metric
CVSS v3 base score 2.7 (Low). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N.
Affected products
- Zulip — versions >= 10.0-beta1, < 10.1
Weakness classification (CWE)
- Authorization Bypass Through User-Controlled SQL Primary Key (CWE-566)
References
- GitHub security advisory: https://github.com/zulip/zulip/security/advisories/GHSA-rmhr-5ffq-qcrc
- Fix commit: https://github.com/zulip/zulip/commit/07dcee36b2a34d63429d7a706f880628cf3433df
- Zulip Server 10.1 changelog: https://zulip.readthedocs.io/en/latest/overview/changelog.html#zulip-server-10-1
Frequently asked questions
- What is CVE-2025-30368?
- CVE-2025-30368 is a low-severity vulnerability in Zulip, classified under Authorization Bypass Through User-Controlled SQL Primary Key. CVSS score: 2.7/10. Published 2025-03-31.
- How severe is CVE-2025-30368?
- Low severity. CVSS v3 base score is 2.7 out of 10.