CVE-2025-30215
CVSS 3.1 Score 9.6 of 10 (high)
Details
Summary
CVE-2025-30215 is a vulnerability affecting NATS-Server, a high-performance server for NATS.io's cloud and edge native messaging system. In versions 2.2.0 to 2.10.26 and 2.11.0, JetStream (JS) assets are managed with messages in the $JS. subject namespace in the system account. However, this functionality is partially exposed to regular accounts, enabling users with JS management permissions to perform administrative actions on any JS asset in other accounts. One of these unprotected APIs allows for data destruction, but does not disclose stream contents. The vulnerability is resolved in versions 2.11.1 and 2.10.27.