CVE-2025-30369

CVSS 3.1 Score 2.7 of 10 (low)

Details

Published Mar 31, 2025

Updated: Apr 1, 2025

CWE ID 566

Summary

CVE-2025-30369 is a vulnerability affecting Zulip, an open-source team collaboration tool. The issue lies with the API for deleting an organization's custom profile field, which was intended to be accessible only to organization administrators. However, the handler failed to authenticate that the field belongs to the same organization as the user, resulting in unauthorized deletion of custom profile fields for other organizations. This vulnerability has been resolved in Zulip Server 10.1.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/4j_-nn
https://www.cve.org/CVERecord?id=CVE-2025-30369
https://nvd.nist.gov/vuln/detail/CVE-2025-30369

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Measuring the US-China AI Gap

TerraStealerV2 and TerraLogger: Golden Chickens' New Malware Families Discovered

Uncovering MintsLoader With Recorded Future Malware Intelligence Hunting

Know What Matters

For Customers

For Partners

CVE-2025-30369

CVSS 3.1 Score 2.7 of 10 (low)

Details

Summary

Advisories, Assessments, and Mitigations