High severityNVD Advisory· Published Oct 20, 2000· Updated Apr 16, 2026

CVE-2000-0725

Description

Zope before 2.2.1 does not properly restrict access to the getRoles method, which allows users who can edit DTML to add or modify roles by modifying the roles list that is included in a request.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
zopePyPI	< 2.2.1	2.2.1

Affected products

Zope/Zope4 versions
cpe:2.3:a:zope:zope:1.10.3:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:zope:zope:1.10.3:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.2_beta1:*:*:*:*:*:*:*
ghsa-coords
pkg:pypi/zope
Range: < 2.2.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

archives.neohapsis.com/archives/bugtraq/2000-08/0198.htmlnvdPatchVendor Advisory
archives.neohapsis.com/archives/bugtraq/2000-08/0259.htmlnvdPatch
www.securityfocus.com/bid/1577nvdPatchVendor Advisory
www.debian.org/security/2000/20000821nvdVendor AdvisoryWEB
github.com/advisories/GHSA-9cmq-pj6p-hgwfghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2000-0725ghsaADVISORY
www.redhat.com/support/errata/RHSA-2000-052.htmlnvdWEB
www.zope.org/Products/Zope/Hotfix_08_09_2000/security_alertnvdWEB
web.archive.org/web/20010219192346/http://archives.neohapsis.com/archives/bugtraq/2000-08/0198.htmlghsaWEB
web.archive.org/web/20010219192441/http://archives.neohapsis.com/archives/bugtraq/2000-08/0259.htmlghsaWEB
web.archive.org/web/20010228172804/http://www.securityfocus.com/bid/1577ghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000