Access Control Flaw in NATS-Server Affects Cloud Messaging Management
CVE-2025-30215
What is CVE-2025-30215?
NATS-Server, a high-performance messaging server for NATS.io, has an access control flaw affecting versions 2.2.0 through 2.10.26, as well as 2.11.0. The vulnerability allows users with JetStream management permissions in any account to perform administrative actions on JetStream assets belonging to other accounts. The unprotected APIs can be used to destroy data, but they do not allow disclosure of stream contents. To mitigate this risk, upgrade to NATS-Server version 2.11.1 or 2.10.27.

Affected Version(s)
nats-server: affected >= 2.2.0, < 2.10.27; unaffected < 2.2.0, 2.10.27
nats-server: affected >= 2.11.0-RC.1, < 2.11.1; unaffected < 2.11.0-RC.1, 2.11.1
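
The following is an added example, not code from the NATS project or from this advisory: a version check that applies the affected ranges listed above to a server inventory, including the 2.11.0 release candidates. The host names and inventory values are constructed for illustration, and the function names are this example's own.

```python
import re

# Affected ranges as listed on this page: (first affected, first fixed).
AFFECTED_RANGES = [("2.2.0", "2.10.27"), ("2.11.0-RC.1", "2.11.1")]

_VERSION_RE = re.compile(
    r"v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+[0-9A-Za-z.-]+)?")


def version_key(text):
    """Return a sortable key for a semantic version such as 'v2.11.0-RC.1'."""
    m = _VERSION_RE.fullmatch(text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    core = tuple(int(g) for g in m.group(1, 2, 3))
    if m.group(4) is None:
        # A release sorts after every pre-release of the same core version.
        return core + ((1,),)
    # Semver precedence: numeric identifiers sort below alphanumeric ones.
    ids = tuple((0, int(p), "") if p.isdigit() else (1, 0, p)
                for p in m.group(4).split("."))
    return core + ((0,) + ids,)


def is_affected(version):
    """True if the version falls inside one of the page's affected ranges."""
    v = version_key(version)
    return any(version_key(lo) <= v < version_key(hi)
               for lo, hi in AFFECTED_RANGES)


def triage(inventory):
    """Map each host to 'affected', 'ok' or 'unknown' (unparseable version)."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = "affected" if is_affected(version) else "ok"
        except ValueError:
            result[host] = "unknown"
    return result


# Constructed inventory (host names and versions are made up for illustration).
SAMPLE_INVENTORY = {
    "nats-a": "v2.10.26", "nats-b": "2.10.27", "nats-c": "2.11.0-RC.2",
    "nats-d": "2.11.1", "nats-e": "2.1.9", "nats-f": "dev-build",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {SAMPLE_INVENTORY[host]} -> {status}")
```

Hosts reported as unknown carry a version string the parser could not read and need a manual check before they are treated as patched.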
