Vulnerabilities > Zammad
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2025-04-05 | CVE-2025-32357 | Missing Authentication for Critical Function vulnerability in Zammad 6.4.0/6.4.1 | In Zammad 6.4.x before 6.4.2, an authenticated agent with knowledge base permissions was able to use the Zammad API to fetch knowledge base content that they have no permission for. | 4.3 |
2025-04-05 | CVE-2025-32358 | Server-Side Request Forgery (SSRF) vulnerability in Zammad 6.4.0/6.4.1 | In Zammad 6.4.x before 6.4.2, SSRF can occur. | 4.1 |
2025-04-05 | CVE-2025-32359 | Unspecified vulnerability in Zammad 6.4.0/6.4.1 | In Zammad 6.4.x before 6.4.2, there is client-side enforcement of server-side security. | 8.8 |
2025-04-05 | CVE-2025-32360 | Unspecified vulnerability in Zammad 6.4.0/6.4.1 | In Zammad 6.4.x before 6.4.2, there is information exposure. | 8.1 |
2023-12-10 | CVE-2023-50453 | Unspecified vulnerability in Zammad 6.1.0/6.2.0 | An issue was discovered in Zammad before 6.2.0. | 5.3 |
2023-12-10 | CVE-2023-50454 | Improper Certificate Validation vulnerability in Zammad 6.1.0/6.2.0 | An issue was discovered in Zammad before 6.2.0. | 5.9 |
2023-12-10 | CVE-2023-50455 | Allocation of Resources Without Limits or Throttling vulnerability in Zammad 6.1.0/6.2.0 | An issue was discovered in Zammad before 6.2.0. | 7.5 |
2023-12-10 | CVE-2023-50456 | Unspecified vulnerability in Zammad 6.1.0/6.2.0 | An issue was discovered in Zammad before 6.2.0. | 5.3 |
2023-12-10 | CVE-2023-50457 | Incorrect Authorization vulnerability in Zammad 6.1.0/6.2.0 | An issue was discovered in Zammad before 6.2.0. | 4.3 |
2023-05-18 | CVE-2023-31597 | Incorrect Authorization vulnerability in Zammad | An issue in Zammad v5.4.0 allows attackers to bypass e-mail verification using an arbitrary address and manipulate the data of the generated user. | 6.5 |