cvedb.io
CVE-2025-47930
MEDIUM · CVSS 5.3
EPSS exploitation probability: 0%
Published 2025-05-16T00:15:18.840 · Last modified 2026-06-17T09:28:51.130

Summary

Zulip is an open-source team chat application. Starting in version 10.0 and prior to version 10.3, the "Who can create public channels" access control mechanism can be circumvented by creating a private or web-public channel, and then changing the channel privacy to public. A similar technique works for creating private channels without permission, though such a process requires either the API or modifying the HTML, as we do mark the "private" radio button as disabled in such cases. Version 10.3 contains a patch.

Affected products

zulip — zulip

Does this affect you?

Add your gear to cvedb and we'll alert you only when zulip ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.