Cyber Resilience

CVE-2025-30368

Severity: Low
Published: 31 March 2025
Modified: 27 August 2025
CISA KEV: not listed
CVSS v3.1 base score: 2.7 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N)
EPSS score: 0.0026 (49.7th percentile)
Risk Priority: 6 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-30368 is a low-severity Authorization Bypass Through User-Controlled SQL Primary Key (CWE-566) vulnerability in Zulip Server (vendor Zulip). Its CVSS v3.1 base score is 2.7 (Low): the endpoint is network-reachable with low attack complexity and no user interaction, but the vector requires high privileges (PR:H, an organization administrator account), the scope is unchanged, and the only rated impact is a limited loss of integrity (C:N/I:L/A:N).

Operationally, exploitation aligns with the MITRE ATT&CK technique File Deletion (T1070.004). The CVE ranks at the 49.7th percentile by EPSS exploit likelihood (just below the median) and is not currently listed in the CISA KEV catalog.

Vulnerability details

Zulip is an open-source team collaboration tool. The API for deleting an organization export is supposed to be restricted to organization administrators. The handler checked the caller's administrator role, but it failed to check that the export row identified by the caller-supplied primary key belongs to the same organization as the user. Therefore, an administrator of any organization was incorrectly allowed to delete an export of a different organization. This is fixed in Zulip Server 10.1.
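The failure and the fix, as an added stand-alone Python model. This is illustration code written for this page, not Zulip's own handler: the names RealmExport, ExportTable, delete_export_vulnerable and delete_export_fixed are assumptions, and the two export rows and users are constructed sample data. The vulnerable handler performs the role check and then fetches the row by primary key alone; the fixed handler scopes the same lookup to the caller's realm, so an id from another organization is simply not found.

```python
"""Model of CVE-2025-30368 (CWE-566): an authorization check that is
correct on the role but missing on the object. Added example; names and
data here are assumptions, not Zulip code."""
from dataclasses import dataclass, field


@dataclass
class User:
    id: int
    realm_id: int            # the organization the user belongs to
    is_realm_admin: bool


@dataclass
class RealmExport:
    id: int                  # SQL primary key, supplied by the caller in the URL
    realm_id: int            # owning organization
    path: str


class NotFound(Exception):
    """Stands in for a 404 / DoesNotExist."""


class Forbidden(Exception):
    """Stands in for a 403."""


@dataclass
class ExportTable:
    """Minimal stand-in for an ORM table keyed by primary key."""
    rows: dict = field(default_factory=dict)

    def get(self, **filters):
        # Every keyword is an equality filter, like an ORM .get(**filters).
        for row in self.rows.values():
            if all(getattr(row, k) == v for k, v in filters.items()):
                return row
        raise NotFound(filters)

    def delete(self, row_id):
        del self.rows[row_id]


def require_realm_admin(user):
    if not user.is_realm_admin:
        raise Forbidden("organization administrators only")


def delete_export_vulnerable(table, user, export_id):
    """Pre-fix shape: the role check passes, but the row is fetched by id
    alone, so an admin of realm A can delete realm B's export."""
    require_realm_admin(user)
    row = table.get(id=export_id)                 # BUG: no realm scoping
    table.delete(row.id)
    return row


def delete_export_fixed(table, user, export_id):
    """Post-fix shape: the lookup is scoped to the caller's realm. A row from
    another realm is reported as not found rather than forbidden, so the
    endpoint does not confirm that a foreign export id exists."""
    require_realm_admin(user)
    row = table.get(id=export_id, realm_id=user.realm_id)
    table.delete(row.id)
    return row


def make_fixture():
    """Constructed sample data: one export each for two organizations."""
    table = ExportTable()
    table.rows[1] = RealmExport(id=1, realm_id=100, path="exports/100/1.tar.gz")
    table.rows[2] = RealmExport(id=2, realm_id=200, path="exports/200/2.tar.gz")
    return table


def cross_realm_delete_succeeds(handler):
    """True if an administrator of realm 100 can delete realm 200's export."""
    table = make_fixture()
    attacker = User(id=7, realm_id=100, is_realm_admin=True)
    try:
        handler(table, attacker, export_id=2)
    except NotFound:
        return False
    return 2 not in table.rows


def same_realm_delete_succeeds(handler):
    """True if an administrator of realm 200 can still delete its own export."""
    table = make_fixture()
    admin = User(id=8, realm_id=200, is_realm_admin=True)
    handler(table, admin, export_id=2)
    return 2 not in table.rows


def non_admin_is_rejected(handler):
    """True if a plain member is refused before any lookup happens."""
    table = make_fixture()
    member = User(id=9, realm_id=200, is_realm_admin=False)
    try:
        handler(table, member, export_id=2)
    except Forbidden:
        return 2 in table.rows
    return False


if __name__ == "__main__":
    print("vulnerable handler allows cross-org delete:",
          cross_realm_delete_succeeds(delete_export_vulnerable))
    print("fixed handler allows cross-org delete:",
          cross_realm_delete_succeeds(delete_export_fixed))
```

The point for reviewers of similar code: a role check on the caller is not an ownership check on the object. Whenever a handler loads a row by a caller-controlled primary key, the query itself should carry the tenant filter (here `realm_id=user.realm_id`), so that a foreign id cannot resolve to a row at all.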

CWE(s)

CWE-566: Authorization Bypass Through User-Controlled SQL Primary Key

Related Threats

MITRE ATT&CK Enterprise Techniques

T1070.004 File Deletion [Stealth]: Adversaries may delete files left behind by the actions of their intrusion activity.
T1490 Inhibit System Recovery [Impact]: Adversaries may delete or remove built-in data and turn off services designed to aid in the recovery of a corrupted system to prevent recovery.
Why these techniques?

The authorization bypass lets an administrator of one organization delete the data exports of another organization. That is unauthorized file deletion (T1070.004, the current ID for what older mappings called T1107), and because an export is a point-in-time copy of an organization's data, removing it also takes away a recovery artifact (T1490).

Affected Assets

Vendor: zulip
Product: zulip
Affected version: 10.0

Mitigating Controls

No mitigating controls mapped yet. The remedy described in the vulnerability details is upgrading to Zulip Server 10.1, which contains the fix.
