Description

Zulip is an open-source team chat application. Starting in version 10.0 and prior to version 10.3, the "Who can create public channels" access control mechanism can be circumvented by creating a private or web-public channel, and then changing the channel privacy to public. A similar technique works for creating private channels without permission, though such a process requires either the API or modifying the HTML, as we do mark the "private" radio button as disabled in such cases. Version 10.3 contains a patch.

INFO

Published Date :

2025-05-15T23:17:29.829Z

Last Modified :

2025-05-16T13:19:46.691Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-47930 vulnerability.

Vendors Products
Zulip
  • Zulip
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-47930.

URL Resource
https://github.com/zulip/zulip/commit/d2ff4bda4c3efa30fc3ab1f151255cfdbf370f78 cve-icon cve-icon
https://github.com/zulip/zulip/security/advisories/GHSA-rqg7-xfqg-v7q5 cve-icon cve-icon
https://zulip.com/help/configure-who-can-create-channels cve-icon cve-icon
https://zulip.readthedocs.io/en/latest/overview/changelog.html#zulip-server-10-3 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact