CVE-2025-47930
Zulip "Who can create public channels" access control mechanism flawed in version 10.0 - 10.2
Overview
This vulnerability affects the Zulip team chat application, versions 10.0 - 10.2. It allows the "Who can create public channels" access control mechanism to be circumvented: a user who is not permitted to create public channels can create a channel with a different privacy setting and then change the channel's privacy setting to public.
Technical Details
The flaw resides in the access control mechanism of Zulip versions 10.0 - 10.2. A user who is not authorized to create public channels can create a private or web-public channel and then change its privacy setting to public; the permission check applied at channel creation is not repeated when the privacy setting is changed. A patch is provided in version 10.3.
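The following Python model illustrates the class of flaw described above and the corresponding fix. It is an added example for this advisory, not Zulip's own code: the names (`User`, `Channel`, `can_create_public_channels`, `update_privacy_flawed`, `update_privacy_hardened`) and the data model are assumptions constructed for illustration. The flawed update only checks ownership of the channel, so a private-to-public change never consults the "Who can create public channels" policy; the hardened update treats making a channel public as equivalent to creating a public channel and applies the same policy check before the transition.

```python
from dataclasses import dataclass
from enum import Enum


class Privacy(Enum):
    PRIVATE = "private"
    WEB_PUBLIC = "web-public"
    PUBLIC = "public"


@dataclass
class User:
    name: str
    # Constructed stand-in for the realm policy "Who can create public channels".
    can_create_public_channels: bool


@dataclass
class Channel:
    name: str
    privacy: Privacy
    owner: str


class PermissionDenied(Exception):
    pass


def create_channel(user: User, name: str, privacy: Privacy) -> Channel:
    """Channel creation: the public-channel policy is enforced here in both variants."""
    if privacy is Privacy.PUBLIC and not user.can_create_public_channels:
        raise PermissionDenied(f"{user.name} may not create public channels")
    return Channel(name=name, privacy=privacy, owner=user.name)


def update_privacy_flawed(user: User, channel: Channel, new_privacy: Privacy) -> Channel:
    """Flawed pattern (hypothetical): only ownership is checked, so the creation
    policy is never consulted when a channel is switched to public."""
    if channel.owner != user.name:
        raise PermissionDenied("only the channel owner may change privacy")
    channel.privacy = new_privacy
    return channel


def update_privacy_hardened(user: User, channel: Channel, new_privacy: Privacy) -> Channel:
    """Hardened pattern (hypothetical): a transition into the public state is
    subject to the same policy check as creating a public channel."""
    if channel.owner != user.name:
        raise PermissionDenied("only the channel owner may change privacy")
    becoming_public = new_privacy is Privacy.PUBLIC and channel.privacy is not Privacy.PUBLIC
    if becoming_public and not user.can_create_public_channels:
        raise PermissionDenied(f"{user.name} may not make channels public")
    channel.privacy = new_privacy
    return channel


def privacy_after_change_attempt(update) -> Privacy:
    """Regression check: a user without the public-channel permission creates a
    private channel, then attempts to set it public through `update`. Returns the
    channel's final privacy; a correct check leaves it PRIVATE."""
    alice = User("alice", can_create_public_channels=False)  # constructed sample user
    channel = create_channel(alice, "announcements", Privacy.PRIVATE)  # allowed: not public
    try:
        update(alice, channel, Privacy.PUBLIC)
    except PermissionDenied:
        pass
    return channel.privacy


def direct_public_creation_denied() -> bool:
    """The creation-time check itself is intact: direct public creation is refused."""
    alice = User("alice", can_create_public_channels=False)
    try:
        create_channel(alice, "announcements", Privacy.PUBLIC)
    except PermissionDenied:
        return True
    return False


if __name__ == "__main__":
    print("flawed update   ->", privacy_after_change_attempt(update_privacy_flawed).value)
    print("hardened update ->", privacy_after_change_attempt(update_privacy_hardened).value)
```

The general lesson is that any state transition which reaches a state the user could not have created directly must re-run the creation-time authorization check; `privacy_after_change_attempt` is the kind of regression test that catches the omission.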
CVSS Metrics
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges Required: LOW
- User Interaction: NONE
- Confidentiality impact: NONE
- Integrity impact: LOW
- Availability impact: NONE
Impact
This vulnerability allows any user to create a public channel, even when the organization's settings do not permit them to do so, by exploiting the flaw in the access control mechanism.
Recommendations
Upgrade to Zulip version 10.3, which contains a patch for this vulnerability.
Threat Metrics
- CVSS score: 5.3
- Severity: MEDIUM
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: LOW
- User interaction: NONE
- Integrity impact: LOW