CVE-2025-31124
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-31124
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-31124.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-31124
- Aliases
-
- GHSA-67m4-8g4w-633q
- Published
- 2025-03-31T20:15:15Z
- Modified
- 2025-04-01T22:50:10.369721Z
- Summary
- [none]
- Details
-
Zitadel is open-source identity infrastructure software. ZITADEL administrators can enable a setting called "Ignoring unknown usernames" which helps mitigate attacks that try to guess/enumerate usernames. If enabled, ZITADEL will show the password prompt even if the user doesn't exist and report "Username or Password invalid". While the setting was correctly respected during the login flow, the user's username was normalized leading to a disclosure of the user's existence. This vulnerability is fixed in 2.71.6, 2.70.8, 2.69.9, 2.68.9, 2.67.13, 2.66.16, 2.65.7, 2.64.6, and 2.63.9.
- References
-
- https://github.com/zitadel/zitadel/security/advisories/GHSA-67m4-8g4w-633q
- https://github.com/zitadel/zitadel/commit/14de8ecac2afafee4975ed7ac26f3ca4a2b0f82c
- https://github.com/zitadel/zitadel/releases/tag/v2.63.9
- https://github.com/zitadel/zitadel/releases/tag/v2.64.6
- https://github.com/zitadel/zitadel/releases/tag/v2.65.7
- https://github.com/zitadel/zitadel/releases/tag/v2.66.16
- https://github.com/zitadel/zitadel/releases/tag/v2.67.13
- https://github.com/zitadel/zitadel/releases/tag/v2.68.9
- https://github.com/zitadel/zitadel/releases/tag/v2.69.9
- https://github.com/zitadel/zitadel/releases/tag/v2.70.8
- https://github.com/zitadel/zitadel/releases/tag/v2.71.6
Affected packages
Git / github.com/zitadel/zitadel
Affected ranges
- Type
- GIT
- Repo
- https://github.com/zitadel/zitadel
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
Other
cnsl-feature-dev
feat-new-mail-templates-dev
v1-events-queries-dev
v0.*
v0.0.0
v0.1.0
v0.10.0
v0.100.0
v0.100.1
v0.100.2
v0.100.3
v0.100.4
v0.101.0
v0.102.0
v0.102.1
v0.103.0
v0.103.1
v0.103.2
v0.104.0
v0.104.1
v0.104.10
v0.104.11
v0.104.2
v0.104.3
v0.104.4
v0.104.5
v0.104.6
v0.104.7
v0.104.8
v0.104.9
v0.105.0
v0.105.1
v0.105.2
v0.105.3
v0.105.4
v0.105.5
v0.105.6
v0.105.7
v0.105.8
v0.106.0
v0.106.1
v0.106.2
v0.106.3
v0.107.0
v0.108.0
v0.108.1
v0.108.2
v0.108.3
v0.108.4
v0.109.0
v0.109.1
v0.109.10
v0.109.11
v0.109.12
v0.109.13
v0.109.14
v0.109.15
v0.109.16
v0.109.17
v0.109.18
v0.109.19
v0.109.2
v0.109.3
v0.109.4
v0.109.5
v0.109.6
v0.109.7
v0.109.8
v0.109.9
v0.11.0
v0.119.0
v0.119.1
v0.119.2
v0.119.3
v0.119.4
v0.119.5
v0.119.6
v0.12.0
v0.120.0
v0.120.1
v0.121.0
v0.121.1
v0.121.2
v0.122.0
v0.122.1
v0.122.2
v0.122.3
v0.122.4
v0.122.5
v0.123.0
v0.123.1
v0.123.2
v0.123.3
v0.123.4
v0.123.5
v0.124.0
v0.13.0
v0.14.0
v0.15.0
v0.16.0
v0.17.0
v0.17.1
v0.18.0
v0.18.1
v0.18.2
v0.18.3
v0.19.0
v0.2.0
v0.20.0
v0.20.1
v0.20.2
v0.21.0
v0.22.0
v0.22.1
v0.22.2
v0.22.3
v0.22.4
v0.22.5
v0.22.6
v0.22.7
v0.23.0
v0.23.1
v0.24.0
v0.24.1
v0.24.2
v0.24.3
v0.25.0
v0.25.1
v0.26.0
v0.27.0
v0.28.0
v0.29.0
v0.29.1
v0.3.0
v0.3.1
v0.30.0
v0.30.1
v0.31.0
v0.31.1
v0.31.2
v0.31.3
v0.32.0
v0.32.1
v0.32.2
v0.33.0
v0.33.1
v0.33.2
v0.33.3
v0.33.4
v0.33.5
v0.34.0
v0.35.0
v0.35.1
v0.35.2
v0.36.0
v0.37.0
v0.38.0
v0.39.0
v0.39.1
v0.4.0
v0.4.1
v0.40.0
v0.40.1
v0.40.2
v0.40.3
v0.40.4
v0.41.0
v0.41.1
v0.42.0
v0.42.1
v0.42.2
v0.42.3
v0.42.4
v0.43.0
v0.43.1
v0.43.2
v0.44.0
v0.44.1
v0.44.2
v0.44.3
v0.45.0
v0.46.0
v0.46.1
v0.47.0
v0.47.1
v0.47.2
v0.47.3
v0.47.4
v0.47.5
v0.48.0
v0.49.0
v0.49.1
v0.5.0
v0.50.0
v0.51.0
v0.51.1
v0.52.0
v0.53.0
v0.53.1
v0.53.2
v0.53.3
v0.53.4
v0.53.5
v0.54.0
v0.54.1
v0.54.2
v0.54.3
v0.54.4
v0.54.5
v0.55.0
v0.55.1
v0.55.10
v0.55.11
v0.55.12
v0.55.13
v0.55.2
v0.55.3
v0.55.4
v0.55.5
v0.55.6
v0.55.7
v0.55.8
v0.55.9
v0.56.0
v0.56.1
v0.57.0
v0.57.1
v0.57.2
v0.58.0
v0.59.0
v0.59.1
v0.6.0
v0.60.0
v0.60.1
v0.61.0
v0.61.1
v0.61.2
v0.61.3
v0.61.4
v0.62.0
v0.63.0
v0.63.1
v0.64.0
v0.64.1
v0.64.2
v0.64.3
v0.64.4
v0.64.5
v0.64.6
v0.64.7
v0.65.0
v0.66.0
v0.66.1
v0.67.0
v0.67.1
v0.67.2
v0.68.0
v0.69.0
v0.69.1
v0.7.0
v0.70.0
v0.70.1
v0.71.0
v0.72.0
v0.73.0
v0.74.0
v0.74.1
v0.74.2
v0.74.3
v0.74.4
v0.75.0
v0.75.1
v0.75.2
v0.75.3
v0.75.4
v0.75.5
v0.76.0
v0.76.1
v0.76.2
v0.76.3
v0.77.0
v0.77.1
v0.77.2
v0.77.3
v0.77.4
v0.77.5
v0.78.0
v0.78.1
v0.78.2
v0.79.0
v0.8.0
v0.80.0
v0.80.1
v0.80.2
v0.81.0
v0.81.1
v0.81.2
v0.81.3
v0.81.4
v0.81.5
v0.81.6
v0.82.0
v0.82.1
v0.82.2
v0.82.3
v0.82.4
v0.83.0
v0.83.1
v0.83.2
v0.83.3
v0.83.4
v0.83.5
v0.83.6
v0.84.0
v0.84.1
v0.84.2
v0.84.3
v0.84.4
v0.85.0
v0.85.1
v0.85.2
v0.85.3
v0.85.4
v0.86.0
v0.86.1
v0.86.2
v0.87.0
v0.87.1
v0.88.0
v0.88.1
v0.88.2
v0.88.3
v0.88.4
v0.88.5
v0.88.6
v0.88.7
v0.88.8
v0.89.0
v0.89.1
v0.89.2
v0.89.3
v0.89.4
v0.9.0
v0.90.0
v0.90.1
v0.90.2
v0.91.0
v0.91.1
v0.91.2
v0.91.3
v0.91.4
v0.91.5
v0.91.6
v0.92.0
v0.93.0
v0.93.1
v0.94.0
v0.94.1
v0.95.0
v0.95.1
v0.95.10
v0.95.2
v0.95.3
v0.95.4
v0.95.5
v0.95.6
v0.95.7
v0.95.8
v0.95.9
v0.96.0
v0.97.0
v0.97.1
v0.97.2
v0.98.0
v0.99.0
v0.99.1
v1.*
v1.0.0
v1.0.1
v1.0.2
v1.0.3
v1.0.4
v1.1.0
v1.10.0
v1.10.1
v1.10.2
v1.10.3
v1.10.4
v1.10.5
v1.11.0
v1.11.1
v1.12.0
v1.12.1
v1.12.2
v1.12.3
v1.12.4
v1.12.5
v1.12.6
v1.12.7
v1.13.0
v1.14.0
v1.14.1
v1.15.0
v1.15.1
v1.16.0
v1.16.1
v1.16.2
v1.16.3
v1.16.4
v1.16.5
v1.16.6
v1.16.7
v1.16.8
v1.17.0
v1.17.1
v1.17.2
v1.17.3
v1.17.4
v1.17.5
v1.17.6
v1.17.7
v1.18.0
v1.18.1
v1.19.0
v1.19.1
v1.19.2
v1.19.3
v1.19.4
v1.2.0
v1.2.1
v1.2.2
v1.2.3
v1.2.4
v1.2.5
v1.2.6
v1.2.7
v1.20.0
v1.20.1
v1.20.2
v1.20.3
v1.20.4
v1.20.5
v1.21.0
v1.21.1
v1.21.2
v1.21.3
v1.21.4
v1.22.0
v1.22.1
v1.22.10
v1.22.11
v1.22.12
v1.22.13
v1.22.2
v1.22.3
v1.22.4
v1.22.5
v1.22.6
v1.22.7
v1.22.8
v1.22.9
v1.23.0
v1.23.1
v1.23.2
v1.23.3
v1.23.4
v1.23.5
v1.24.0
v1.24.1
v1.24.2
v1.25.0
v1.25.1
v1.26.0
v1.26.1
v1.27.0
v1.27.1
v1.27.2
v1.27.3
v1.27.4
v1.28.0
v1.28.1
v1.28.2
v1.28.3
v1.28.4
v1.29.0
v1.29.1
v1.29.2
v1.29.3
v1.29.4
v1.29.5
v1.29.6
v1.3.0
v1.30.0
v1.30.1
v1.30.2
v1.31.0
v1.31.1
v1.32.0
v1.32.1
v1.32.2
v1.32.3
v1.32.4
v1.32.5
v1.33.0
v1.33.1
v1.34.0
v1.34.1
v1.34.10
v1.34.11
v1.34.2
v1.34.3
v1.34.4
v1.34.5
v1.34.6
v1.34.7
v1.34.8
v1.34.9
v1.35.0
v1.35.1
v1.36.0
v1.37.0
v1.38.0
v1.39.0
v1.39.1
v1.4.0
v1.40.0
v1.41.0
v1.41.1
v1.41.2
v1.41.3
v1.41.4
v1.42.0
v1.42.1
v1.42.2
v1.43.0
v1.43.1
v1.43.2
v1.43.3
v1.43.4
v1.44.0
v1.44.1
v1.44.2
v1.44.3
v1.45.0
v1.45.1
v1.45.2
v1.45.3
v1.45.4
v1.45.5
v1.45.6
v1.46.0
v1.46.1
v1.46.2
v1.46.3
v1.46.4
v1.47.0
v1.47.1
v1.47.2
v1.47.3
v1.47.4
v1.47.5
v1.47.6
v1.48.0
v1.48.1
v1.48.2
v1.48.3
v1.48.4
v1.48.5
v1.48.6
v1.48.7
v1.48.8
v1.49.0
v1.49.1
v1.5.0
v1.5.1
v1.5.2
v1.5.3
v1.50.0
v1.50.1
v1.50.2
v1.50.3
v1.50.4
v1.51.0
v1.52.0
v1.52.1
v1.52.2
v1.53.0
v1.53.1
v1.53.2
v1.54.0
v1.54.1
v1.54.10
v1.54.2
v1.54.3
v1.54.4
v1.54.5
v1.54.6
v1.54.7
v1.54.8
v1.54.9
v1.55.0
v1.55.1
v1.55.2
v1.56.0
v1.56.1
v1.56.10
v1.56.11
v1.56.12
v1.56.13
v1.56.14
v1.56.15
v1.56.16
v1.56.17
v1.56.18
v1.56.19
v1.56.2
v1.56.20
v1.56.21
v1.56.22
v1.56.3
v1.56.4
v1.56.5
v1.56.6
v1.56.7
v1.56.8
v1.56.9
v1.57.0
v1.57.1
v1.58.0
v1.59.0
v1.59.1
v1.59.2
v1.59.3
v1.6.0
v1.6.1
v1.6.2
v1.6.3
v1.6.4
v1.6.5
v1.60.0
v1.60.1
v1.60.2
v1.60.3
v1.61.0
v1.62.0
v1.62.1
v1.62.2
v1.63.0
v1.64.0
v1.65.0
v1.66.0
v1.66.1
v1.66.2
v1.66.3
v1.66.4
v1.66.5
v1.66.6
v1.66.7
v1.66.8
v1.66.9
v1.67.0
v1.67.1
v1.68.0
v1.68.1
v1.69.0
v1.69.1
v1.69.2
v1.69.3
v1.69.4
v1.69.5
v1.69.6
v1.69.7
v1.69.8
v1.7.0
v1.7.1
v1.7.2
v1.7.3
v1.7.4
v1.70.0
v1.70.1
v1.70.2
v1.71.0
v1.71.1
v1.71.2
v1.72.0
v1.72.1
v1.73.0
v1.73.1
v1.73.2
v1.73.3
v1.73.4
v1.74.0
v1.75.0
v1.75.1
v1.75.2
v1.75.3
v1.75.4
v1.75.5
v1.75.6
v1.75.7
v1.75.8
v1.76.0
v1.76.1
v1.76.2
v1.77.0
v1.77.1
v1.77.2
v1.78.0
v1.79.0
v1.8.0
v1.8.1
v1.8.2
v1.8.3
v1.8.4
v1.80.0-v2.1
v1.80.0-v2.10
v1.80.0-v2.11
v1.80.0-v2.12
v1.80.0-v2.13
v1.80.0-v2.14
v1.80.0-v2.15
v1.80.0-v2.16
v1.80.0-v2.17
v1.80.0-v2.18
v1.80.0-v2.19
v1.80.0-v2.2
v1.80.0-v2.20
v1.80.0-v2.3
v1.80.0-v2.4
v1.80.0-v2.5
v1.80.0-v2.6
v1.80.0-v2.7
v1.80.0-v2.8
v1.80.0-v2.9
v1.9.0
v1.9.1
v1.9.2
v2.*
v2.0.0
v2.0.0-v2-alpha.1
v2.0.0-v2-alpha.10
v2.0.0-v2-alpha.11
v2.0.0-v2-alpha.12
v2.0.0-v2-alpha.13
v2.0.0-v2-alpha.14
v2.0.0-v2-alpha.15
v2.0.0-v2-alpha.16
v2.0.0-v2-alpha.17
v2.0.0-v2-alpha.18
v2.0.0-v2-alpha.19
v2.0.0-v2-alpha.2
v2.0.0-v2-alpha.20
v2.0.0-v2-alpha.21
v2.0.0-v2-alpha.22
v2.0.0-v2-alpha.23
v2.0.0-v2-alpha.24
v2.0.0-v2-alpha.25
v2.0.0-v2-alpha.26
v2.0.0-v2-alpha.27
v2.0.0-v2-alpha.28
v2.0.0-v2-alpha.29
v2.0.0-v2-alpha.3
v2.0.0-v2-alpha.30
v2.0.0-v2-alpha.31
v2.0.0-v2-alpha.32
v2.0.0-v2-alpha.33
v2.0.0-v2-alpha.34
v2.0.0-v2-alpha.35
v2.0.0-v2-alpha.36
v2.0.0-v2-alpha.37
v2.0.0-v2-alpha.38
v2.0.0-v2-alpha.39
v2.0.0-v2-alpha.4
v2.0.0-v2-alpha.40
v2.0.0-v2-alpha.41
v2.0.0-v2-alpha.42
v2.0.0-v2-alpha.43
v2.0.0-v2-alpha.44
v2.0.0-v2-alpha.5
v2.0.0-v2-alpha.6
v2.0.0-v2-alpha.7
v2.0.0-v2-alpha.8
v2.0.0-v2-alpha.9
v2.0.1
v2.1.0
v2.1.1
v2.10.0
v2.11.0
v2.11.1
v2.12.0
v2.13.0
v2.13.1
v2.14.0
v2.14.1
v2.14.2
v2.14.3
v2.14.4
v2.14.5
v2.15.0
v2.16.0
v2.16.1
v2.17.0
v2.17.1
v2.18.0
v2.19.0
v2.2.0
v2.20.0
v2.21.0
v2.22.0
v2.22.1
v2.22.2
v2.23.0
v2.23.1
v2.24.0
v2.25.0
v2.25.1
v2.25.2
v2.25.3
v2.26.0
v2.26.1
v2.26.2
v2.27.0
v2.27.1
v2.28.0
v2.28.0-rc.1
v2.28.1
v2.29.0
v2.29.0-rc.1
v2.29.0-rc.2
v2.29.0-rc.3
v2.29.0-rc.4
v2.29.1
v2.29.2
v2.29.3
v2.3.0
v2.3.1
v2.3.2
v2.3.3
v2.3.4
v2.30.0
v2.31.0
v2.31.1
v2.31.2
v2.31.3
v2.31.4
v2.31.5
v2.32.0
v2.33.0
v2.33.1
v2.34.0
v2.34.1
v2.35.0
v2.35.1
v2.36.0
v2.36.1
v2.36.2
v2.36.3
v2.37.0
v2.37.1
v2.37.2
v2.37.3
v2.38.0
v2.38.1
v2.4.0
v2.5.0
v2.5.1
v2.6.0
v2.7.0
v2.8.0
v2.8.1
v2.8.2
v2.9.0
v2.9.1