CVE-2025-67494 — CRITICAL (9.3)

Q: How severe is CVE-2025-67494?

CVE-2025-67494 has been rated CRITICAL with a CVSS base score of 9.3/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2025-67494?

Check the references section above for vendor advisories and patch information. Affected products include: Zitadel Zitadel.

Vulnerability Description

ZITADEL is an open-source identity infrastructure tool. Versions 4.7.0 and below are vulnerable to an unauthenticated, full-read SSRF vulnerability. The ZITADEL Login UI (V2) treats the x-zitadel-forward-host header as a trusted fallback for all deployments, including self-hosted instances. This allows an unauthenticated attacker to force the server to make HTTP requests to arbitrary domains, such as internal addresses, and read the responses, enabling data exfiltration and bypassing network-segmentation controls. This issue is fixed in version 4.7.1.

CVSS Score

9.3

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Zitadel	Zitadel	>= 4.0.0, < 4.7.1

Related Weaknesses (CWE)

CWE-918

References

FAQ

What is CVE-2025-67494?

CVE-2025-67494 is a vulnerability with a CVSS score of 9.3 (CRITICAL). ZITADEL is an open-source identity infrastructure tool. Versions 4.7.0 and below are vulnerable to an unauthenticated, full-read SSRF vulnerability. The ZITADEL Login UI (V2) treats the x-zitadel-forw...

How severe is CVE-2025-67494?

CVE-2025-67494 has been rated CRITICAL with a CVSS base score of 9.3/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2025-67494?

Check the references section above for vendor advisories and patch information. Affected products include: Zitadel Zitadel.