← back
CVE-2025-32357

CVE-2025-32357

CVSS 4.3 MEDIUMEPSS 0.2%CWE-288
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 4.3EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
05 Apr 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
In Zammad 6.4.x before 6.4.2, an authenticated agent with knowledge base permissions was able to use the Zammad API to fetch knowledge base content that they have no permission for.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Affected products
Zammad · Zammad

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://zammad.com/en/advisories/zaa-2025-04