How severe is CVE-2025-30215?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.6 out of 10.

What type of vulnerability is CVE-2025-30215?

This is classified as CWE-287, which is a common weakness in software security.

CVE-2025-30215 - CRITICAL Severity | CVSS 9.6

Vulnerability Description

NATS-Server is a High-Performance server for NATS.io, the cloud and edge native messaging system. In versions starting from 2.2.0 but prior to 2.10.27 and 2.11.1, the management of JetStream assets happens with messages in the $JS. subject namespace in the system account; this is partially exposed into regular accounts to allow account holders to manage their assets. Some of the JS API requests were missing access controls, allowing any user with JS management permissions in any account to perform certain administrative actions on any JS asset in any other account. At least one of the unprotected APIs allows for data destruction. None of the affected APIs allow disclosing stream contents. This vulnerability is fixed in v2.11.1 or v2.10.27.

Related Vulnerabilities

CVE-2017-2871

CRITICAL

CVSS:9.6(Critical)

Insufficient security checks exist in the recovery procedure used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. An attacker who is in the same subnetwork of the camera or h...

CWE-2872017

CVE-2019-15897

CRITICAL

CVSS:9.6(Critical)

beegfs-ctl in ThinkParQ BeeGFS through 7.1.3 allows Authentication Bypass via communication with a BeeGFS metadata server (which is typically not exposed to external networks).

CWE-2872019

CVE-2020-11551

CRITICAL

CVSS:9.6(Critical)

An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite (SRS60) AC3000 V2.5.1.106, Outdoor Satellite (RBS50Y) V2.5.1.106, and Pro Tri-Band Business WiFi Router (SRR60) AC3000 V...

CWE-2872020

CVE-2020-13292

CRITICAL

CVSS:9.6(Critical)

In GitLab before 13.0.12, 13.1.6 and 13.2.3, it is possible to bypass E-mail verification which is required for OAuth Flow.

CWE-2872020

CVE-2021-22943

CRITICAL

CVSS:9.6(Critical)

A vulnerability found in UniFi Protect application V1.18.1 and earlier permits a malicious actor who has already gained access to a network to subsequently control the Protect camera(s) assigned to sa...

CWE-2872021

CVE-2021-26088

CRITICAL

CVSS:9.6(Critical)

An improper authentication vulnerability in FSSO Collector version 5.0.295 and below may allow an unauthenticated user to bypass a FSSO firewall policy and access the protected network via sending spe...

CWE-2872021