Close Menu
    DevStackTipsDevStackTips
    • Home
    • News & Updates
      1. Tech & Work
      2. View All

      GitHub’s CEO Thomas Dohmke steps down, triggering tighter integration of company within Microsoft

      August 12, 2025

      bitHuman launches SDK for creating AI avatars

      August 12, 2025

      Designing With AI, Not Around It: Practical Advanced Techniques For Product Design Use Cases

      August 11, 2025

      Why Companies Are Investing in AI-Powered React.js Development Services in 2025

      August 11, 2025

      I found a Google Maps alternative that won’t track you or drain your battery – and it’s free

      August 12, 2025

      I tested this new AI podcast tool to see if it can beat NotebookLM – here’s how it did

      August 12, 2025

      Microsoft’s new update makes your taskbar a productivity hub – here’s how

      August 12, 2025

      Save $50 on the OnePlus Pad 3 plus get a free gift – here’s the deal

      August 12, 2025
    • Development
      1. Algorithms & Data Structures
      2. Artificial Intelligence
      3. Back-End Development
      4. Databases
      5. Front-End Development
      6. Libraries & Frameworks
      7. Machine Learning
      8. Security
      9. Software Engineering
      10. Tools & IDEs
      11. Web Design
      12. Web Development
      13. Web Security
      14. Programming Languages
        • PHP
        • JavaScript
      Featured

      Laravel Global Scopes: Automatic Query Filtering

      August 12, 2025
      Recent

      Laravel Global Scopes: Automatic Query Filtering

      August 12, 2025

      Building MCP Servers in PHP

      August 12, 2025

      Filament v4 is Stable!

      August 12, 2025
    • Operating Systems
      1. Windows
      2. Linux
      3. macOS
      Featured

      I Asked OpenAI’s New Open-Source AI Model to Complete a Children’s School Test — Is It Smarter Than a 10-Year-Old?

      August 12, 2025
      Recent

      I Asked OpenAI’s New Open-Source AI Model to Complete a Children’s School Test — Is It Smarter Than a 10-Year-Old?

      August 12, 2025

      Madden NFL 26 Leads This Week’s Xbox Drops—But Don’t Miss These Hidden Gems

      August 12, 2025

      ASUS G14 Bulked Up for 2025—Still Sexy, Just a Bit Chonkier

      August 12, 2025
    • Learning Resources
      • Books
      • Cheatsheets
      • Tutorials & Guides
    Home»Security»Common Vulnerabilities and Exposures (CVEs)»CVE-2025-46815 – ZITADEL IdP Intent Session Token Abuse

    CVE-2025-46815 – ZITADEL IdP Intent Session Token Abuse

    May 6, 2025

    CVE ID : CVE-2025-46815

    Published : May 6, 2025, 6:15 p.m. | 1 hour, 19 minutes ago

    Description : The identity infrastructure software ZITADEL offers developers the ability to manage user sessions using the Session API. This API enables the use of IdPs for authentication, known as idp intents. Following a successful idp intent, the client receives an id and token on a predefined URI. These id and token can then be used to authenticate the user or their session. However, prior to versions 3.0.0, 2.71.9, and 2.70.10, it was possible to exploit this feature by repeatedly using intents. This allowed an attacker with access to the application’s URI to retrieve the id and token, enabling them to authenticate on behalf of the user. It’s important to note that the use of additional factors (MFA) prevents a complete authentication process and, consequently, access to the ZITADEL API. Versions 3.0.0, 2.71.9, and 2.70.10 contain a fix for the issue. No known workarounds other than upgrading are available.

    Severity: 8.0 | HIGH

    Visit the link for more details, such as CVSS details, affected products, timeline, and more…

    Source: Read More

    Facebook Twitter Reddit Email Copy Link
    Previous ArticleCVE-2025-4388 – Liferay Portal/DXP Reflected Cross-Site Scripting (XSS) Vulnerability
    Next Article CVE-2025-44900 – Tenda RX3 Buffer Overflow

    Related Posts

    Development

    Update WinRAR tools now: RomCom and others exploiting zero-day vulnerability

    August 12, 2025
    Development

    WinRAR zero-day exploited in espionage attacks against high-value targets

    August 12, 2025
    Leave A Reply Cancel Reply

    For security, use of Google's reCAPTCHA service is required which is subject to the Google Privacy Policy and Terms of Use.

    Continue Reading

    CVE-2025-6474 – Code-projects Inventory Management System SQL Injection Vulnerability

    Common Vulnerabilities and Exposures (CVEs)

    Rilasciato Terminator 2.1.5: Il Terminale Avanzato per GNU/Linux

    Linux

    kew v3.2.0 improves internet radio support and more

    Linux

    CVE-2025-51464 – Aimhubio Aim XSS

    Common Vulnerabilities and Exposures (CVEs)

    Highlights

    CVE-2025-31640 – LambertGroup Magic Responsive Slider and Carousel WordPress SQL Injection

    May 16, 2025

    CVE ID : CVE-2025-31640

    Published : May 16, 2025, 4:15 p.m. | 2 hours, 55 minutes ago

    Description : Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in LambertGroup Magic Responsive Slider and Carousel WordPress allows SQL Injection. This issue affects Magic Responsive Slider and Carousel WordPress: from n/a through 1.4.

    Severity: 8.5 | HIGH

    Visit the link for more details, such as CVSS details, affected products, timeline, and more…

    The top 6 TVs ZDNET readers are buying (no. 1 has the best picture quality we’ve ever seen)

    June 26, 2025

    LLMs Can Learn Complex Math from Just One Example: Researchers from University of Washington, Microsoft, and USC Unlock the Power of 1-Shot Reinforcement Learning with Verifiable Reward

    May 3, 2025

    Best Crypto Payment Gateway for High Risk

    July 16, 2025
    © DevStackTips 2025. All rights reserved.
    • Contact
    • Privacy Policy

    Type above and press Enter to search. Press Esc to cancel.