CVE-2025-30368
Published: 31 March 2025
Summary
CVE-2025-30368 is a low-severity Authorization Bypass Through User-Controlled SQL Primary Key (CWE-566) vulnerability in Zulip (Zulip Server). Its CVSS base score is 2.7 (Low).
Operationally, exploitation maps to the MITRE ATT&CK technique Indicator Removal: File Deletion (T1070.004). The CVE is ranked at the 49.7th percentile by exploit likelihood (just below the median), and it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-8837
Vulnerability details
Zulip is an open-source team collaboration tool. The API for deleting an organization export is supposed to be restricted to organization administrators. Its handler enforced the administrator role, but it never checked that the export record identified by the client-supplied ID belonged to the same organization as the requesting user. As a result, an administrator of any organization could delete an export belonging to a different organization. This is fixed in Zulip Server 10.1.
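The following is an added illustration of the CWE-566 pattern the advisory describes, not Zulip's own code: the table name `realm_export`, the column names, the `User` dataclass, the handler names and the sample rows are all assumptions, and sqlite3 stands in for the project's ORM. It places the vulnerable handler (role check present, lookup by primary key alone) beside the hardened one (lookup scoped by the caller's organization as well), and goes slightly beyond the advisory by also showing why the hardened form should answer "not found" rather than "forbidden" for a foreign ID.

```python
# Added illustration of CWE-566 as described in the advisory. This is NOT
# Zulip's code: the table, columns, function names and sample rows below are
# assumptions chosen to model the flaw, using sqlite3 in place of an ORM.
import sqlite3
from dataclasses import dataclass


class AuthorizationError(Exception):
    """Caller lacks the required role."""


@dataclass(frozen=True)
class User:
    id: int
    realm_id: int          # the organization ("realm") the user belongs to
    is_realm_admin: bool


def build_db() -> sqlite3.Connection:
    """Constructed sample data: two organizations, one export each."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE realm_export ("
        " id INTEGER PRIMARY KEY, realm_id INTEGER NOT NULL, path TEXT NOT NULL)"
    )
    conn.executemany(
        "INSERT INTO realm_export (id, realm_id, path) VALUES (?, ?, ?)",
        [(1, 100, "/exports/realm100.tar.gz"), (2, 200, "/exports/realm200.tar.gz")],
    )
    conn.commit()
    return conn


def require_realm_admin(user: User) -> None:
    """The role check that the vulnerable handler did perform."""
    if not user.is_realm_admin:
        raise AuthorizationError("must be an organization administrator")


def delete_export_vulnerable(conn: sqlite3.Connection, user: User, export_id: int) -> int:
    """Models the pre-fix behaviour: the role check passes, but the DELETE
    trusts the client-supplied primary key alone, so an admin of one realm can
    remove another realm's export (CWE-566). Returns rows deleted."""
    require_realm_admin(user)
    cur = conn.execute("DELETE FROM realm_export WHERE id = ?", (export_id,))
    conn.commit()
    return cur.rowcount


def delete_export_fixed(conn: sqlite3.Connection, user: User, export_id: int) -> int:
    """Hardened form: scope the row by the caller's realm as well as the id.
    A miss is reported as not-found so the response does not reveal whether
    the id exists in some other realm. Returns rows deleted (always 1)."""
    require_realm_admin(user)
    cur = conn.execute(
        "DELETE FROM realm_export WHERE id = ? AND realm_id = ?",
        (export_id, user.realm_id),
    )
    conn.commit()
    if cur.rowcount == 0:
        raise LookupError("export not found")
    return cur.rowcount


def export_exists(conn: sqlite3.Connection, export_id: int) -> bool:
    row = conn.execute("SELECT 1 FROM realm_export WHERE id = ?", (export_id,)).fetchone()
    return row is not None


def attempt(handler, conn: sqlite3.Connection, user: User, export_id: int) -> str:
    """Run a handler and summarise the outcome as a short string."""
    try:
        return f"deleted:{handler(conn, user, export_id)}"
    except AuthorizationError:
        return "forbidden"
    except LookupError:
        return "not_found"


if __name__ == "__main__":
    # Attacker is a legitimate admin, but only of realm 100; export 2 belongs to realm 200.
    attacker = User(id=7, realm_id=100, is_realm_admin=True)
    print("vulnerable:", attempt(delete_export_vulnerable, build_db(), attacker, 2))
    conn = build_db()
    print("fixed:     ", attempt(delete_export_fixed, conn, attacker, 2),
          "| export 2 still present:", export_exists(conn, 2))
```

The defect is a single missing predicate in the WHERE clause (or, in ORM terms, a `get(id=...)` that should have been `get(id=..., realm=user.realm)`). Whenever a handler accepts a database primary key from the client, the ownership filter belongs in the same query that fetches or mutates the row, not in a separate check that can be forgotten.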
- CWE(s): CWE-566 Authorization Bypass Through User-Controlled SQL Primary Key
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The authorization bypass lets an organization administrator delete the data exports of other organizations. That maps to File Deletion (T1070.004, which superseded the retired T1107 identifier) for the unauthorized removal of files, and to Inhibit System Recovery (T1490), because an organization export is effectively a backup snapshot whose loss hinders recovery.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet; the per-CVE control annotator has not reached this CVE. The vendor remediation stated in the advisory is to upgrade to Zulip Server 10.1.