CVE-2025-47930 – Zulip Public Channel Creation Privilege Escalation Vulnerability

May 15, 2025

CVE ID : CVE-2025-47930

Published : May 16, 2025, 12:15 a.m. | 42 minutes ago

Description : Zulip is an open-source team chat application. Starting in version 10.0 and prior to version 10.3, the “Who can create public channels” access control mechanism can be circumvented by creating a private or web-public channel, and then changing the channel privacy to public. A similar technique works for creating private channels without permission, though such a process requires either the API or modifying the HTML, as we do mark the “private” radio button as disabled in such cases. Version 10.3 contains a patch.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4729 – TOTOLINK A3002R/A3002RU Command Injection Vulnerability

Next Article CVE-2025-4728 – SourceCodester Best Online News Portal SQL Injection

Highlights

CVE-2025-32958 – Adept Language GitHub Token Exposure

April 21, 2025

CVE ID : CVE-2025-32958

Published : April 21, 2025, 9:15 p.m. | 1 hour, 10 minutes ago

Description : Adept is a language for general purpose programming. Prior to commit a1a41b7, the remoteBuild.yml workflow file uses actions/upload-artifact@v4 to upload the mac-standalone artifact. This artifact is a zip of the current directory, which includes the automatically generated .git/config file containing the run’s GITHUB_TOKEN. Seeing as the artifact can be downloaded prior to the end of the workflow, there is a few seconds where an attacker can extract the token from the artifact and use it with the Github API to push malicious code or rewrite release commits in the AdeptLanguage/Adept repository. This issue has been patched in commit a1a41b7.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Turning User Research Into Real Organizational Change

June 2025: All AI updates from the past month

Building a culture that will drive platform engineering success

Gartner: More than 40% of agentic AI projects will be canceled in the next few years

I FINALLY got my hands on my most anticipated gaming laptop of 2025 — and it’s a 14-inch monster

This gimbal-tracking webcam has TWO cameras and a great price — but it may not be “private” enough

I spent two months using the massive Area-51 gaming rig — both a powerful beast PC and an RGB beauty queen

“Using AI is no longer optional” — Did Microsoft just make Copilot mandatory for its staff as a critical performance metric?

June report 2025

June report 2025

Make your JS functions smarter and cleaner with default parameters

Best Home Interiors in Hyderabad – Top Designers & Affordable Packages

I FINALLY got my hands on my most anticipated gaming laptop of 2025 — and it’s a 14-inch monster

I FINALLY got my hands on my most anticipated gaming laptop of 2025 — and it’s a 14-inch monster

This gimbal-tracking webcam has TWO cameras and a great price — but it may not be “private” enough

I spent two months using the massive Area-51 gaming rig — both a powerful beast PC and an RGB beauty queen

CVE-2025-47930 – Zulip Public Channel Creation Privilege Escalation Vulnerability

CVE-2025-6554 Actively Exploited Google Chrome Zeroday

Cyber Brief 25-07 – June 2025

Google Proposes New Browser Security: Your Local Network, Your Permission!

Microsoft finally ships controversial Windows 11 ‘Recall’ feature after year-long delay — now rolling out to all Copilot+ PCs

Google Chrome’s May Update: What You Need to Know About CVE-2025-4372 and More

RoboCat: A self-improving robotic agent

CVE-2025-32958 – Adept Language GitHub Token Exposure

MODICIA O.S. – Linux multimedia distribution

CVE-2025-49143 – Nautobot Unauthenticated File Access Vulnerability

The new KB5055615 for Windows 11 Beta Channel brings huge improvements for the 23H2 version

CVE-2025-47930 – Zulip Public Channel Creation Privilege Escalation Vulnerability

Related Posts