Vulnerability Database

309,136

Total vulnerabilities in the database

CVE-2025-30369

Zulip is an open-source team collaboration tool. The API for deleting an organization custom profile field is supposed to be restricted to organization administrators, but its handler failed to check that the field belongs to the same organization as the user. Therefore, an administrator of any organization was incorrectly allowed to delete custom profile fields belonging to a different organization. This is fixed in Zulip Server 10.1.

Published: Mar 31, 2025
Updated: Nov 16, 2025
CVE: CVE-2025-30369
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 2.7
AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

CWEs:

CWE-566

Affected Software
References

Software	From	Fixed in
zulip / zulip_server	1.6.0	10.1

https://github.com/zulip/zulip/security/advisories/GHSA-fcgx-q63f-7gw4

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo