CVE-2025-67495
published 2025-12-09


Priority: P4 (33)
Severity: medium, CVSS 3.1 base score 6.1
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.26% (17.3th percentile)
ZITADEL is an open-source identity infrastructure tool. Versions 4.0.0-rc.1 through 4.7.0 are vulnerable to DOM-based XSS through the ZITADEL V2 logout endpoint. The /logout endpoint insecurely routes to a value supplied in the post_logout_redirect GET parameter. As a result, an unauthenticated remote attacker can execute malicious JavaScript in ZITADEL users' browsers. To carry out an attack, multiple user sessions need to be active in the same browser; account takeover is mitigated when Multi-Factor Authentication (MFA) or passwordless authentication is in use. This issue is fixed in version 4.7.1.
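The defect class described above is a client-side redirect that trusts a URL taken straight from a query parameter, so a `javascript:` URL or an attacker-controlled origin ends up being navigated to. The following is an added illustration of how such a parameter should be validated before use; it is not ZITADEL's code and does not show the project's actual fix. The endpoint and parameter names come from the advisory; the allowlist, the fallback path, and the `resolvePostLogoutRedirect` helper are constructed for this example.

```javascript
// Added example, not ZITADEL's code: validate a post-logout redirect target
// before navigating to it. Everything except the parameter name
// "post_logout_redirect" is an assumption made for illustration.

const FALLBACK_PATH = "/ui/login"; // constructed fallback for rejected targets

// Unsafe pattern: the raw parameter value is used as the navigation target.
// A value such as "javascript:..." or "//other-origin/..." is accepted as-is,
// which is the defect class the advisory describes.
function unsafePostLogoutRedirect(rawTarget) {
  return rawTarget;
}

// Hardened pattern: parse the value as a URL relative to the current origin,
// accept only http(s) schemes, and accept only origins on an explicit allowlist.
// Returns an absolute URL string that is safe to assign to window.location,
// or the fallback path when the value is rejected.
function resolvePostLogoutRedirect(rawTarget, allowedOrigins, currentOrigin) {
  if (typeof rawTarget !== "string" || rawTarget.trim() === "") {
    return FALLBACK_PATH;
  }

  let url;
  try {
    // Relative targets ("/ui/console") resolve against the IdP's own origin;
    // scheme-relative ones ("//other.example/x") resolve to a foreign origin
    // and are caught by the allowlist check below.
    url = new URL(rawTarget, currentOrigin);
  } catch {
    return FALLBACK_PATH; // unparsable value
  }

  // Reject javascript:, data:, vbscript: and any other non-web scheme outright.
  if (url.protocol !== "https:" && url.protocol !== "http:") {
    return FALLBACK_PATH;
  }

  // Compare the parsed origin, never the raw string: "https://idp@evil/" has
  // origin "https://evil", and prefix matching on the string would be fooled.
  if (!allowedOrigins.includes(url.origin)) {
    return FALLBACK_PATH;
  }

  return url.href;
}

// Constructed usage, as the browser-side logout handler might call it.
function handleLogoutRedirect(queryString, allowedOrigins, currentOrigin) {
  const params = new URLSearchParams(queryString);
  const raw = params.get("post_logout_redirect");
  return resolvePostLogoutRedirect(raw, allowedOrigins, currentOrigin);
}
```

The key design choice is that the check runs on the parsed `URL` object (scheme and origin) rather than on the raw string, and that the function returns a fallback rather than throwing, so a tampered link degrades to the login page instead of breaking the logout flow.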

Affected

9 ranges

Vendor     | Product            | Version range                                        | Fixed in
github.com | zitadel_zitadel    | >= 0 < 1.80.0-v2.20.0.20251208091519-4c879b47334e    | 1.80.0-v2.20.0.20251208091519-4c879b47334e
github.com | zitadel_zitadel    | 1.83.4 – 1.87.5                                      |
github.com | zitadel_zitadel    | >= 1.83.4                                            |
github.com | zitadel_zitadel    | >= 4.0.0-rc.1 < 4.7.1                                | 4.7.1
github.com | zitadel_zitadel_v2 | >= 0 < 1.80.0-v2.20.0.20251208091519-4c879b47334e    | 1.80.0-v2.20.0.20251208091519-4c879b47334e
zitadel    | zitadel            | < 1.80.0-v2.20.0.20251208091519-4c879b47334e         | 1.80.0-v2.20.0.20251208091519-4c879b47334e
zitadel    | zitadel            |                                                      |
zitadel    | zitadel            |                                                      |
zitadel    | zitadel            | >= 4.0.0 < 4.7.1                                     | 4.7.1