CVE-2025-27149
Zulip exports can leak private data
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Zulip server provides an open-source team chat that helps teams stay productive and focused. Prior to 10.0, the data export to organization administrators feature in Zulip leaks private data. The collection of user-agent types identifying specific integrations or HTTP libraries (E.g., ZulipGitlabWebhook, okhttp, or PycURL) that have been used to access any organization on the server was incorrectly included in all three export types, regardless of if they were used to access the exported organization or not. The "public data" and "with consent" exports metadata including the titles of some topics in private channels which the administrator otherwise did not have access to, and none of the users consented to exporting and metadata for which users were in a group DM together. This vulnerability is fixed in 10.0.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2025-02-19 CVE Reserved
- 2025-03-31 CVE Published
- 2025-03-31 CVE Updated
- 2025-04-06 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| https://github.com/zulip/zulip/security/advisories/GHSA-358p-x39m-99mm | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Zulip Search vendor "Zulip" | Zulip Search vendor "Zulip" for product "Zulip" | >= 2.1.0 < 10.0 Search vendor "Zulip" for product "Zulip" and version " >= 2.1.0 < 10.0" | en |
Affected
| ||||||