What is CVE-2025-30369?

CVE-2025-30369 is a low-severity vulnerability in Zulip, classified under Authorization Bypass Through User-Controlled SQL Primary Key. CVSS score: 2.7/10. Published 2025-03-31.

How severe is CVE-2025-30369?

Low severity. CVSS v3 base score is 2.7 out of 10.

Vulnerability in Zulip

CVE-2025-30369

Zulip is an open-source team collaboration tool. The API for deleting an organization custom profile field is supposed to be restricted to organization administrators, but its handler failed to check that the field belongs to the same orga…

EPSS: 0.002 (41.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 2.7 (Low). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N.

Affected products

Zulip — versions >= 1.6.0, < 10.1

Weakness classification (CWE)

CWE-566 — Authorization Bypass Through User-Controlled SQL Primary Key

References

https://github.com/zulip/zulip/security/advisories/GHSA-fcgx-q63f-7gw4 (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2025-30369?: CVE-2025-30369 is a low-severity vulnerability in Zulip, classified under Authorization Bypass Through User-Controlled SQL Primary Key. CVSS score: 2.7/10. Published 2025-03-31.
How severe is CVE-2025-30369?: Low severity. CVSS v3 base score is 2.7 out of 10.