NOMISEC-Chocapikk/CVE-2025-67494

NOMISEC WORKING POC
Exploit for CVE-2025-67494 - Zitadel < 4.7.1 - SSRF
AI Analysis

This repository contains a functional exploit for CVE-2025-67494, an unauthenticated SSRF vulnerability in ZITADEL. The exploit automates the process of leaking Bearer tokens via SSRF and querying the ZITADEL Management API.

Attack Type: SSRF
Complexity: moderate
Reliability: reliable
MITRE ATT&CK: T1190 - Exploit Public-Facing Application; T1083 - File and Directory Discovery
Download ZIP Password: eip
Source
Platform: Nomisec
Type: poc
Files: 5
Stars: 5
Forks: 0
Last Push: Dec 10, 2025
Authors: Chocapikk
Vulnerability: CVE-2025-67494 (Zitadel < 4.7.1 - SSRF)
Severity: CRITICAL, CVSS 9.3