7.5
CVE-2025-7974
- EPSS 0.06%
- Veröffentlicht 02.09.2025 19:46:21
- Zuletzt bearbeitet 27.01.2026 18:39:15
- Quelle zdi-disclosures@trendmicro.com
- CVE-Watchlists
- Unerledigt
rocket.chat Incorrect Authorization Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of rocket.chat. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web service, which listens on TCP port 3000 by default. The issue results from incorrect authorization. An attacker can leverage this vulnerability to disclose information in the context of the application. Was ZDI-CAN-26517.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginDaten sind bereitgestellt durch National Vulnerability Database (NVD)
Rocket.Chat ≫ Rocket.Chat Version >= 7.4.0 < 7.4.4
Rocket.Chat ≫ Rocket.Chat Version >= 7.5.0 < 7.5.3
Rocket.Chat ≫ Rocket.Chat Version >= 7.6.0 < 7.6.4
Rocket.Chat ≫ Rocket.Chat Version >= 7.7.0 < 7.7.2
Rocket.Chat ≫ Rocket.Chat Version > 7.7.2 < 7.8.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.06% | 0.177 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| zdi-disclosures@trendmicro.com | 3.7 | 2.2 | 1.4 |
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
|
CWE-863 Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.