{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-31478", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2025-03-28T13:36:51.297Z", "datePublished": "2025-04-16T21:28:23.087Z", "dateUpdated": "2026-01-23T16:42:16.303Z"}, "containers": {"cna": {"title": "Zulip Authentication Backend Configuration Bypass", "problemTypes": [{"descriptions": [{"cweId": "CWE-287", "lang": "en", "description": "CWE-287: Improper Authentication", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/zulip/zulip/security/advisories/GHSA-qxfv-j6vg-5rqc", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/zulip/zulip/security/advisories/GHSA-qxfv-j6vg-5rqc"}, {"name": "https://github.com/zulip/zulip/commit/b5ab90aaa4a7efdcbf886cb9e7d55fa5bfca3a28", "tags": ["x_refsource_MISC"], "url": "https://github.com/zulip/zulip/commit/b5ab90aaa4a7efdcbf886cb9e7d55fa5bfca3a28"}], "affected": [{"vendor": "zulip", "product": "zulip", "versions": [{"version": "< 10.2", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-01-23T16:42:16.303Z"}, "descriptions": [{"lang": "en", "value": "Zulip is an open-source team collaboration tool. Zulip supports a configuration where account creation is limited solely by being able to authenticate with a single-sign on authentication backend, meaning the organization places no restrictions on email address domains or invitations being required to join, but has disabled the EmailAuthBackend that is used for email/password authentication. A bug in the Zulip server means that it is possible to create an account in such organizations, without having an account with the configured SSO authentication backend. This issue is patched in version 10.2. A workaround includes requiring invitations to join the organization prevents the vulnerability from being accessed."}], "source": {"advisory": "GHSA-qxfv-j6vg-5rqc", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-17T13:18:02.995821Z", "id": "CVE-2025-31478", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-17T13:18:13.288Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-31478", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-17T13:18:02.995821Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-17T13:18:07.086Z"}}], "cna": {"title": "Zulip Authentication Backend Configuration Bypass", "source": {"advisory": "GHSA-qxfv-j6vg-5rqc", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "zulip", "product": "zulip", "versions": [{"status": "affected", "version": "< 10.2"}]}], "references": [{"url": "https://github.com/zulip/zulip/security/advisories/GHSA-qxfv-j6vg-5rqc", "name": "https://github.com/zulip/zulip/security/advisories/GHSA-qxfv-j6vg-5rqc", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/zulip/zulip/commit/b5ab90aaa4a7efdcbf886cb9e7d55fa5bfca3a28", "name": "https://github.com/zulip/zulip/commit/b5ab90aaa4a7efdcbf886cb9e7d55fa5bfca3a28", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Zulip is an open-source team collaboration tool. Zulip supports a configuration where account creation is limited solely by being able to authenticate with a single-sign on authentication backend, meaning the organization places no restrictions on email address domains or invitations being required to join, but has disabled the EmailAuthBackend that is used for email/password authentication. A bug in the Zulip server means that it is possible to create an account in such organizations, without having an account with the configured SSO authentication backend. This issue is patched in version 10.2. A workaround includes requiring invitations to join the organization prevents the vulnerability from being accessed."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-287", "description": "CWE-287: Improper Authentication"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-01-23T16:42:16.303Z"}}}, "cveMetadata": {"cveId": "CVE-2025-31478", "state": "PUBLISHED", "dateUpdated": "2026-01-23T16:42:16.303Z", "dateReserved": "2025-03-28T13:36:51.297Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2025-04-16T21:28:23.087Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:zulip:zulip_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "6D0AFBC7-4F88-46AC-9EAA-06F81CFB6DEA", "versionEndExcluding": "10.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Zulip is an open-source team collaboration tool. Zulip supports a configuration where account creation is limited solely by being able to authenticate with a single-sign on authentication backend, meaning the organization places no restrictions on email address domains or invitations being required to join, but has disabled the EmailAuthBackend that is used for email/password authentication. A bug in the Zulip server means that it is possible to create an account in such organizations, without having an account with the configured SSO authentication backend. This issue is patched in version 10.2. A workaround includes requiring invitations to join the organization prevents the vulnerability from being accessed."}, {"lang": "es", "value": "Zulip es una herramienta de colaboraci\u00f3n en equipo de c\u00f3digo abierto. Zulip admite una configuraci\u00f3n donde la creaci\u00f3n de cuentas est\u00e1 limitada \u00fanicamente por la autenticaci\u00f3n con un backend de inicio de sesi\u00f3n \u00fanico. Esto significa que la organizaci\u00f3n no impone restricciones sobre los dominios de correo electr\u00f3nico ni las invitaciones requeridas para unirse, pero ha deshabilitado el EmailAuthBackend utilizado para la autenticaci\u00f3n de correo electr\u00f3nico y contrase\u00f1a. Un error en el servidor de Zulip permite crear una cuenta en estas organizaciones sin tener una cuenta con el backend de autenticaci\u00f3n SSO configurado. Este problema se ha corregido en la versi\u00f3n 10.2. Un workaround consiste en requerir invitaciones para unirse a la organizaci\u00f3n, lo que impide el acceso a la vulnerabilidad."}], "id": "CVE-2025-31478", "lastModified": "2026-01-23T17:16:06.707", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.2, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2025-04-16T22:15:14.233", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/zulip/zulip/commit/b5ab90aaa4a7efdcbf886cb9e7d55fa5bfca3a28"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/zulip/zulip/security/advisories/GHSA-qxfv-j6vg-5rqc"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}