{"id":38100,"date":"2025-05-14T13:49:08","date_gmt":"2025-05-14T13:49:08","guid":{"rendered":""},"modified":"2025-09-03T04:05:57","modified_gmt":"2025-09-03T10:05:57","slug":"cve-2025-46815-zitadel-identity-infrastructure-software-vulnerability","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-46815-zitadel-identity-infrastructure-software-vulnerability\/","title":{"rendered":"<strong>CVE-2025-46815: ZITADEL Identity Infrastructure Software Vulnerability<\/strong>"},"content":{"rendered":"<p><strong>Overview<\/strong><\/p>\n<p>CVE-2025-46815 is a vulnerability in the identity infrastructure software ZITADEL. The software is primarily used by developers to manage user sessions through its Session API. The vulnerability lies in the software&#8217;s idp intents feature and could <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-4050-heap-corruption-in-google-chrome-devtools-leading-to-potential-system-compromise\/\"  data-wpil-monitor-id=\"43080\">potentially lead to system<\/a> compromise or data leakage.
This vulnerability is particularly significant as it affects any organization or individual that uses versions of ZITADEL prior to 3.0.0, 2.71.9, and 2.70.10, <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2023-49129-stack-overflow-vulnerability-in-solid-edge-se2023-allows-potential-system-compromise\/\"  data-wpil-monitor-id=\"43615\">potentially exposing their system<\/a> to unauthorized access.<\/p>\n<p><strong>Vulnerability Summary<\/strong><\/p>\n<p>CVE ID: CVE-2025-46815<br \/>\nSeverity: High, CVSS score of 8.0<br \/>\nAttack Vector: Network<br \/>\nPrivileges Required: Low<br \/>\nUser Interaction: Required<br \/>\nImpact: <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-4372-webaudio-heap-corruption-in-google-chrome-a-potential-gateway-to-system-compromise-and-data-leakage\/\"  data-wpil-monitor-id=\"43794\">System compromise and potential data<\/a> leakage<\/p>\n<p><strong>Affected Products<\/strong><\/p>\n<table><thead><tr><th>Product<\/th><th>Affected Versions<\/th><\/tr><\/thead><tbody><tr><td>ZITADEL<\/td><td><a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-47269-session-token-exposure-in-code-server-prior-to-version-4-99-4\/\"  data-wpil-monitor-id=\"46770\">Versions prior<\/a> to 3.0.0, 2.71.9, 2.70.10<\/td><\/tr><\/tbody><\/table>\n<p><strong>How the Exploit Works<\/strong><\/p>\n<p>The exploit takes advantage of ZITADEL&#8217;s idp intents feature. Upon a successful idp intent, the client receives an id and token on a predefined URI. This id and token are then used to authenticate the <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-46827-graylog-open-log-management-platform-user-session-cookie-exposure\/\"  data-wpil-monitor-id=\"47646\">user or their session<\/a>. In <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-48865-manipulation-of-x-forwarded-headers-in-fabio-prior-to-version-1-6-6\/\"  data-wpil-monitor-id=\"58323\">versions prior<\/a> to 3.0.0, 2.71.9, and 2.70.10, an attacker can exploit this feature by using intents repeatedly.
With access to the application\u2019s URI, the <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-49151-unauthenticated-attackers-can-forge-json-web-tokens-in-microsens-nmp-web\/\"  data-wpil-monitor-id=\"64564\">attacker can retrieve the id and token<\/a>, and authenticate on behalf of the user.<\/p>\n<p><strong>Conceptual Example Code<\/strong><\/p>\n<p>This is a conceptual example of how the vulnerability might be exploited:<\/p>\n<pre><code>GET \/intent\/idp HTTP\/1.1\nHost: target.example.com\n{\n&quot;id&quot;: &quot;repeatedly-generated-id&quot;,\n&quot;token&quot;: &quot;repeatedly-generated-token&quot;\n}<\/code><\/pre>\n<p>The attacker would repeatedly send this GET request, reusing the <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-6441-unauthenticated-login-token-generation-vulnerability-in-webinarignition-wordpress-plugin\/\"  data-wpil-monitor-id=\"68931\">generated id and token<\/a>, to the URI where the client receives them. Successful exploitation would allow the attacker to authenticate on behalf of the user, <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-4347-d-link-router-buffer-overflow-vulnerability-leading-to-potential-system-compromise\/\"  data-wpil-monitor-id=\"43614\">potentially compromising the system and leading<\/a> to data leakage.<\/p>\n<p><strong>Recommended Mitigations<\/strong><\/p>\n<p>The best mitigation for this <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-2775-unauthenticated-xxe-vulnerability-in-sysaid-on-prem-versions-leading-to-administrator-account-takeover\/\"  data-wpil-monitor-id=\"43846\">vulnerability is to upgrade to ZITADEL versions<\/a> 3.0.0, 2.71.9, or 2.70.10, which contain a fix for the issue.
If upgrading is not an immediate option, implementing a Web Application Firewall (WAF) or Intrusion Detection System (IDS) can serve as a temporary mitigation. However, these measures may not completely <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-1411-exploitation-of-unnecessary-privileges-in-ibm-security-verify-directory-container\/\"  data-wpil-monitor-id=\"78138\">secure the system from exploitation<\/a>. As such, upgrading the <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-20188-cisco-ios-xe-software-for-wireless-lan-controllers-security-vulnerability\/\"  data-wpil-monitor-id=\"44063\">software to the secure<\/a> versions is highly recommended.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Overview CVE-2025-46815 is a vulnerability in the identity infrastructure software ZITADEL. The software is primarily used by developers to manage user sessions through its Session API. The vulnerability lies in the software&#8217;s idp intents feature and could potentially lead to system compromise or data leakage.
This vulnerability is particularly significant as [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"footnotes":""},"categories":[1],"tags":[],"vendor":[],"product":[],"attack_vector":[],"asset_type":[],"severity":[],"exploit_status":[],"class_list":["post-38100","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/38100","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/comments?post=38100"}],"version-history":[{"count":11,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/38100\/revisions"}],"predecessor-version":[{"id":70510,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/38100\/revisions\/70510"}],"wp:attachment":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/media?parent=38100"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/categories?post=38100"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/tags?post=38100"},{"taxonomy":"vendor","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/vendor?post=38100"},{"taxonomy":"product","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/product?post=38100"},{"taxonomy":"attack_vector","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/attack_vector?post=38100"},{"taxonomy":"asset_type","em
beddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/asset_type?post=38100"},{"taxonomy":"severity","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/severity?post=38100"},{"taxonomy":"exploit_status","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/exploit_status?post=38100"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}