Zammad Knowledge Base Incorrect Access Control Vulnerability

Vulnerability

A vulnerability exists in Zammad versions 6.4.x prior to 6.4.2, allowing authenticated agents with knowledge base permissions to use the Zammad API to access knowledge base content for which they do not have authorization.

Impact

Exploitation of this vulnerability could lead to unauthorized access to knowledge base content.

Remediation

Users are advised to upgrade to Zammad version 6.5.0 or 6.4.2. The latest releases can be downloaded from the Zammad website or via the Zammad FTP site. Users with Zammad installed through an operating system package manager should update through that method.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 3.4
impact: 2.5
exploitability: 5.4
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.