exploitDog

CVE-2025-7974

Опубликовано: 02 сент. 2025

Источник: nvd

CVSS3: 3.7

CVSS3: 7.5

EPSS Низкий

Описание

rocket.chat Incorrect Authorization Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of rocket.chat. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the web service, which listens on TCP port 3000 by default. The issue results from incorrect authorization. An attacker can leverage this vulnerability to disclose information in the context of the application. Was ZDI-CAN-26517.

Ссылки

https://www.zerodayinitiative.com/advisories/ZDI-25-627/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:rocket.chat:rocket.chat:*:*:*:*:*:*:*:*

Версия от 7.4.0 (включая) до 7.4.4 (исключая)

cpe:2.3:a:rocket.chat:rocket.chat:*:*:*:*:*:*:*:*

Версия от 7.5.0 (включая) до 7.5.3 (исключая)

cpe:2.3:a:rocket.chat:rocket.chat:*:*:*:*:*:*:*:*

Версия от 7.6.0 (включая) до 7.6.4 (исключая)

cpe:2.3:a:rocket.chat:rocket.chat:*:*:*:*:*:*:*:*

Версия от 7.7.0 (включая) до 7.7.2 (исключая)

cpe:2.3:a:rocket.chat:rocket.chat:*:*:*:*:*:*:*:*

Версия от 7.7.2 (исключая) до 7.8.0 (исключая)

EPSS

Процентиль: 21%

0.00066

Низкий

3.7 Low

CVSS3

7.5 High

CVSS3

Дефекты

CWE-863

Связанные уязвимости

GHSA-3fwv-m349-pfjm

CVSS3: 3.7

github

5 месяцев назад

rocket.chat Incorrect Authorization Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of rocket.chat. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web service, which listens on TCP port 3000 by default. The issue results from incorrect authorization. An attacker can leverage this vulnerability to disclose information in the context of the application. Was ZDI-CAN-26517.

EPSS

Процентиль: 21%

0.00066

Низкий

3.7 Low

CVSS3

7.5 High

CVSS3

Дефекты

CWE-863