ZITADEL Vulnerable to Account Takeover via DOM-Based XSS in Zitadel...

8 / 10

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

Description

ZITADEL is an open-source identity infrastructure tool. Versions 4.0.0-rc.1 through 4.7.0 are vulnerable to DOM-Based XSS through the Zitadel V2 logout endpoint. The /logout endpoint insecurely routes to a value that is supplied in the post_logout_redirect GET parameter. As a result, unauthenticated remote attacker can execute malicious JS code on Zitadel users’ browsers. To carry out an attack, multiple user sessions need to be active in the same browser, however, account takeover is mitigated when using Multi-Factor Authentication (MFA) or Passwordless authentication. This issue is fixed in version 4.7.1.

Basic Information

ID CVE-2025-67495

Source GitHub_M

Published Dec 9, 2025 at 22:38

Affected Product

Vendor zitadel

Product zitadel

Version < 1.80.0-v2.20.0.20251208091519-4c879b47334e

Affected Versions zitadel zitadel < 1.80.0-v2.20.0.20251208091519-4c879b47334e
zitadel zitadel >= 1.83.4, <= 1.87.5
zitadel zitadel >= 4.0.0-rc.1, < 4.7.1

CWE Classification

CWE-79

References

{
    "lastseen": "",
    "description": "ZITADEL is an open-source identity infrastructure tool. Versions 4.0.0-rc.1 through 4.7.0 are vulnerable to DOM-Based XSS through the Zitadel V2 logout endpoint. The /logout endpoint insecurely routes to a value that is supplied in the post_logout_redirect GET parameter. As a result, unauthenticated remote attacker can execute malicious JS code on Zitadel users\u2019 browsers. To carry out an attack, multiple user sessions need to be active in the same browser, however, account takeover is mitigated  when using Multi-Factor Authentication (MFA) or Passwordless authentication. This issue is fixed in version 4.7.1.",
    "published": "2025-12-09T22:38:44.327Z",
    "modified": "2025-12-09T22:38:44.327Z",
    "type": "cve",
    "title": "ZITADEL Vulnerable to Account Takeover via DOM-Based XSS in Zitadel V2 Login",
    "source": "GitHub_M",
    "references": "https://github.com/zitadel/zitadel/security/advisories/GHSA-v959-qxv6-6f8p\nhttps://github.com/zitadel/zitadel/commit/4c879b47334e01d4fcab921ac1b44eda39acdb96",
    "id": "CVE-2025-67495",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79"
    ],
    "cvelist": null,
    "sourceData": "zitadel zitadel < 1.80.0-v2.20.0.20251208091519-4c879b47334e\nzitadel zitadel >= 1.83.4, <= 1.87.5\nzitadel zitadel >= 4.0.0-rc.1, < 4.7.1",
    "sourceHref": "",
    "cvss": {
        "score": 8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "zitadel",
    "version": "< 1.80.0-v2.20.0.20251208091519-4c879b47334e",
    "vendor": "zitadel",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

ZITADEL Vulnerable to Account Takeover via DOM-Based XSS in Zitadel V2 Login_CVE-2025-67495