A critical Insecure Direct Object Reference (IDOR) vulnerability chain in ZITADEL’s administration interface (CVE-2025-27507) has exposed organizations to systemic risks of account takeover and configuration tampering. Rated 9.0/10 on the CVSS v3.1 scale, these flaws enable authenticated low-privilege users to manipulate LDAP authentication settings and other sensitive parameters through ZITADEL’s Admin API endpoints. The vulnerabilities […]
The post ZITADEL IDOR Vulnerabilities Let Attackers Modify Sensitive Settings appeared first on Cyber Security News.