Home > Vulnerability Database > CVE-2025-67717

Mend.io Vulnerability Database

CVE-2025-67717

Good to know:

Date: December 10, 2025

ZITADEL is an open-source identity infrastructure tool. Versions 2.44.0 through 3.4.4 and 4.0.0-rc.1 through 4.7.1 disclose the total number of instance users to authenticated users, regardless of their specific permissions. While this does not leak individual user data or PII, disclosing the total user count via the totalResult field constitutes an information disclosure vulnerability that may be sensitive in certain contexts. This issue is fixed in versions 3.4.5 and 4.7.2.

Severity Score

4.3

Related Resources (5)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-67717

Url: https://github.com/zitadel/zitadel/commit/826039c6208fe71df57b3a94c982b5ac5b0af12c

Url: https://github.com/zitadel/zitadel/security/advisories/GHSA-f4cf-9rvr-2rcx

Url: https://github.com/zitadel/zitadel

Url: https://www.mend.io/vulnerability-database/CVE-2025-67717

Severity Score

4.3

Weakness Type (CWE)

Exposure of Sensitive System Information to an Unauthorized Control Sphere

CWE-497

Top Fix

Upgrade Version

Upgrade to version github.com/zitadel/zitadel - v4.7.2;github.com/zitadel/zitadel - v3.4.5;github.com/zitadel/zitadel - v1.80.0-v2.20.0.20251210121356-826039c6208f;https://github.com/zitadel/zitadel.git - v3.4.5;https://github.com/zitadel/zitadel.git - v4.7.2

Learn More

CVSS v3.1

Base Score:	4.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-67717

Good to know:

Date: December 10, 2025

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?