VYPR
Unrated severityNVD Advisory· Published Apr 5, 2025· Updated Apr 7, 2025

CVE-2025-32359

CVE-2025-32359

Description

In Zammad 6.4.x before 6.4.2, there is client-side enforcement of server-side security. When changing their two factor authentication configuration, users need to re-authenticate with their current password first. However, this change was enforced in Zammad only on the front end level, and not when using the API directly.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Zammad/Zammadllm-fuzzy2 versions
    6.4.x < 6.4.2+ 1 more
    • (no CPE)range: 6.4.x < 6.4.2
    • (no CPE)range: 6.4

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.