Zscaler — Vulnerabilities & Security Advisories (43)

Browse all 43 CVE security advisories affecting Zscaler. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Zscaler operates as a cloud-native security provider, primarily delivering Zero Trust Network Access (ZTNA) and cloud firewall services to secure enterprise traffic. Despite its focus on protecting against external threats, the platform has recorded 43 Common Vulnerabilities and Exposures (CVEs), revealing internal security gaps. Historically, these flaws predominantly involve remote code execution and cross-site scripting, with several instances allowing privilege escalation within administrative interfaces. These vulnerabilities suggest that while the external-facing architecture is robust, internal application logic has occasionally failed to enforce strict input validation or access controls. Notable incidents include unauthorized access attempts exploiting these weaknesses, highlighting the risks associated with complex cloud management consoles. The presence of such defects underscores the necessity for rigorous internal code auditing and continuous monitoring, even for vendors specializing in external threat mitigation and secure access solutions.

Found 1 result / 43

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2025-54982 | SAML 2.0 Public Key Validation Issue — Authentication Server (CWE-347) | 9.6 | Critical | 2025-08-05 |

This page lists every published CVE security advisory associated with Zscaler. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.