Information Disclosure Vulnerability in ZITADEL Identity Infrastructure Tool
CVE-2025-67717
What is CVE-2025-67717?
An information disclosure vulnerability exists in the ZITADEL Identity Infrastructure Tool due to a flaw in handling user instance data. This vulnerability may allow authenticated users to view the total number of users in the system through the totalResult field, which could be sensitive in specific contexts. Although individual user information is not exposed, it still poses a risk to the information security posture of the affected systems. Users are encouraged to upgrade to versions 3.4.5 or 4.7.2 to mitigate this risk.

Affected Version(s)
zitadel < 1.80.0-v2.20.0.20251210
zitadel >= 2.44.0, < 3.4.5
zitadel >= 4.0.0-rc.1, < 4.7.2
References
CVSS V4
Timeline
Vulnerability published
Vulnerability Reserved
