CVE-2025-52559 – Zulip Server Cross-Site Scripting (XSS) Vulnerability

CVE ID : CVE-2025-52559

Published : July 2, 2025, 8:15 p.m. | 37 minutes ago

Description : Zulip is an open-source team chat application. From versions 2.0.0-rc1 to before 10.4 in Zulip Server, the /digest/ URL of a server shows a preview of what the email weekly digest would contain. This URL, though not the digest itself, contains a cross-site scripting (XSS) vulnerability in both topic names and channel names. This issue has been fixed in Zulip Server 10.4. A workaround for this issue involves denying access to /digest/.

Severity: 6.8 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…