Identity Infrastructure Vulnerability in Zitadel Affecting Token Authorization
CVE-2025-31123
What is CVE-2025-31123?
A vulnerability in Zitadel, the open-source identity infrastructure software, allows an attacker who holds an expired JWT key to obtain a valid access token. The issue arises because Zitadel did not adequately check the expiration date of JWT keys used in JWT Profile Authorization Grants, so a key that should already have been unusable could still be used to mint tokens, potentially granting unauthorized access. Notably, this vulnerability does not affect the validation of the JWT Profile for OAuth 2.0 Client Authentication on the Token and Introspection endpoints, which was already correct. A patch addressing the issue has been released in the versions listed below.
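The following Go program is an added illustration of the check the advisory describes, not Zitadel's own code: a minimal RS256 verifier for a JWT bearer assertion where each client key is registered with an expiry date. With enforceKeyExpiry set to false it reproduces the flawed behaviour (signature and the assertion's own exp are checked, the registered key's expiry is not); with it set to true the expired key is rejected before any token is issued. The RegisteredKey type, the field names and the key IDs are assumptions made for this example.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// RegisteredKey models a client's JWT key as stored by the identity provider
// (hypothetical structure): the public key plus the expiry set at registration.
type RegisteredKey struct {
	KeyID     string
	PublicKey *rsa.PublicKey
	ExpiresAt time.Time
}

// Claims is the subset of the assertion payload this example checks.
type Claims struct {
	Issuer   string `json:"iss"`
	Subject  string `json:"sub"`
	Audience string `json:"aud"`
	Expiry   int64  `json:"exp"`
}

var b64 = base64.RawURLEncoding

// SignAssertion builds an RS256 JWT the way a client would for the
// jwt-bearer grant. It exists only so the example is self-contained.
func SignAssertion(priv *rsa.PrivateKey, kid string, c Claims) (string, error) {
	header, _ := json.Marshal(map[string]string{"alg": "RS256", "typ": "JWT", "kid": kid})
	payload, _ := json.Marshal(c)
	signingInput := b64.EncodeToString(header) + "." + b64.EncodeToString(payload)
	digest := sha256.Sum256([]byte(signingInput))
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return signingInput + "." + b64.EncodeToString(sig), nil
}

// VerifyAssertion validates a JWT bearer assertion against the registered keys.
// enforceKeyExpiry=false mirrors the flawed behaviour; true adds the missing check.
func VerifyAssertion(token string, keys map[string]RegisteredKey, now time.Time, enforceKeyExpiry bool) (*Claims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("malformed token")
	}
	headerJSON, err := b64.DecodeString(parts[0])
	if err != nil {
		return nil, err
	}
	var header struct {
		Alg string `json:"alg"`
		Kid string `json:"kid"`
	}
	if err := json.Unmarshal(headerJSON, &header); err != nil {
		return nil, err
	}
	if header.Alg != "RS256" {
		return nil, fmt.Errorf("unsupported alg %q", header.Alg)
	}
	key, ok := keys[header.Kid]
	if !ok {
		return nil, errors.New("unknown key id")
	}
	// The check the advisory describes as missing: a key past its registered
	// expiry must not be usable to obtain an access token, regardless of signature.
	if enforceKeyExpiry && !now.Before(key.ExpiresAt) {
		return nil, fmt.Errorf("key %s expired at %s", key.KeyID, key.ExpiresAt.UTC().Format(time.RFC3339))
	}
	sig, err := b64.DecodeString(parts[2])
	if err != nil {
		return nil, err
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if err := rsa.VerifyPKCS1v15(key.PublicKey, crypto.SHA256, digest[:], sig); err != nil {
		return nil, errors.New("bad signature")
	}
	payloadJSON, err := b64.DecodeString(parts[1])
	if err != nil {
		return nil, err
	}
	var c Claims
	if err := json.Unmarshal(payloadJSON, &c); err != nil {
		return nil, err
	}
	// The assertion's own exp is a separate lifetime from the key's expiry.
	if now.Unix() >= c.Expiry {
		return nil, errors.New("assertion expired")
	}
	return &c, nil
}

func main() {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048)
	now := time.Now()
	// Constructed key registration: the key expired an hour ago.
	keys := map[string]RegisteredKey{"k1": {KeyID: "k1", PublicKey: &priv.PublicKey, ExpiresAt: now.Add(-time.Hour)}}
	tok, _ := SignAssertion(priv, "k1", Claims{Issuer: "client", Subject: "client", Audience: "https://idp.example", Expiry: now.Add(5 * time.Minute).Unix()})
	_, errVuln := VerifyAssertion(tok, keys, now, false)
	_, errFixed := VerifyAssertion(tok, keys, now, true)
	fmt.Println("without key-expiry check:", errVuln, "| with check:", errFixed)
}
```

The key-expiry check is placed before the signature verification on purpose: an expired key is rejected even when the assertion it signed is otherwise perfectly valid, which is the property the fixed Zitadel releases restore.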

Affected Version(s)
Package   Affected range              Unaffected versions
zitadel   >= 2.62.0, < 2.63.9         < 2.62.0, 2.63.9
zitadel   >= 2.64.0-rc.1, < 2.64.6    < 2.64.0-rc.1, 2.64.6
zitadel   >= 2.65.0-rc.1, < 2.65.7    < 2.65.0-rc.1, 2.65.7
