CWE-942
Permissive Cross-domain Security Policy with Untrusted Domains
The product uses a web-client protection mechanism such as a Content Security Policy (CSP) or cross-domain policy file, but the policy includes untrusted domains with which the web client is allowed to communicate.
CVE-2025-11304 (GCVE-0-2025-11304)
Vulnerability from cvelistv5 – Published: 2025-10-05 21:02 – Updated: 2025-10-06 16:11
VLAI
Title
CodeCanyon/ui-lib Mentor LMS API cross-domain policy
Summary
A flaw has been found in CodeCanyon/ui-lib Mentor LMS up to 1.1.1. Affected by this vulnerability is an unknown functionality of the component API. Executing manipulation can lead to permissive cross-domain policy with untrusted domains. The attack may be launched remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
CWE
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.327185 | vdb-entry |
| https://vuldb.com/?ctiid.327185 | signaturepermissions-required |
| https://vuldb.com/?submit.661733 | third-party-advisory |
| https://github.com/PlsRevert/CVEs/issues/3 | issue-tracking |
| https://github.com/PlsRevert/CVEs/issues/3#issue-… | exploitissue-tracking |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| CodeCanyon | Mentor LMS |
Affected:
1.1.0
Affected: 1.1.1 |
|
| ui-lib | Mentor LMS |
Affected:
1.1.0
Affected: 1.1.1 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11304",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-06T16:10:50.243196Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-06T16:11:03.752Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/PlsRevert/CVEs/issues/3"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/PlsRevert/CVEs/issues/3#issue-3447867888"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"API"
],
"product": "Mentor LMS",
"vendor": "CodeCanyon",
"versions": [
{
"status": "affected",
"version": "1.1.0"
},
{
"status": "affected",
"version": "1.1.1"
}
]
},
{
"modules": [
"API"
],
"product": "Mentor LMS",
"vendor": "ui-lib",
"versions": [
{
"status": "affected",
"version": "1.1.0"
},
{
"status": "affected",
"version": "1.1.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "JaredLoo (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw has been found in CodeCanyon/ui-lib Mentor LMS up to 1.1.1. Affected by this vulnerability is an unknown functionality of the component API. Executing manipulation can lead to permissive cross-domain policy with untrusted domains. The attack may be launched remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in CodeCanyon/ui-lib Mentor LMS up to 1.1.1 entdeckt. Betroffen davon ist eine unbekannte Funktion der Komponente API. Mittels dem Manipulieren mit unbekannten Daten kann eine permissive cross-domain policy with untrusted domains-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-942",
"description": "Permissive Cross-domain Policy with Untrusted Domains",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-346",
"description": "Origin Validation Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-05T21:02:06.131Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-327185 | CodeCanyon/ui-lib Mentor LMS API cross-domain policy",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.327185"
},
{
"name": "VDB-327185 | CTI Indicators (IOB, IOC)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.327185"
},
{
"name": "Submit #661733 | ui-lib Mentor LMS 1.1.1 Origin Validation Error",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.661733"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/PlsRevert/CVEs/issues/3"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/PlsRevert/CVEs/issues/3#issue-3447867888"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-10-04T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-10-04T20:58:12.000Z",
"value": "VulDB entry last update"
}
],
"title": "CodeCanyon/ui-lib Mentor LMS API cross-domain policy"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-11304",
"datePublished": "2025-10-05T21:02:06.131Z",
"dateReserved": "2025-10-04T18:53:08.673Z",
"dateUpdated": "2025-10-06T16:11:03.752Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-13984 (GCVE-0-2025-13984)
Vulnerability from cvelistv5 – Published: 2026-01-28 20:02 – Updated: 2026-01-29 18:24
VLAI
Title
Next.js - Critical - Access bypass - SA-CONTRIB-2025-122
Summary
Permissive Cross-domain Security Policy with Untrusted Domains vulnerability in Drupal Next.Js allows Cross-Site Scripting (XSS).This issue affects Next.Js: from 0.0.0 before 1.6.4, from 2.0.0 before 2.0.1.
Severity
6.1 (Medium)
CWE
- CWE-942 - Permissive Cross-domain Security Policy with Untrusted Domains
Assigner
References
1 reference
Impacted products
Date Public
2025-12-03 18:49
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-13984",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-29T18:24:01.824775Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-29T18:24:28.956Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://www.drupal.org/project/next",
"defaultStatus": "unaffected",
"product": "Next.js",
"repo": "https://git.drupalcode.org/project/next",
"vendor": "Drupal",
"versions": [
{
"lessThan": "1.6.4",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "2.0.1",
"status": "affected",
"version": "2.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Mike Decker (pookmish)"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Brian Perry (brianperry)"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Rob Decker (rrrob)"
},
{
"lang": "en",
"type": "coordinator",
"value": "Bram Driesen (bramdriesen)"
},
{
"lang": "en",
"type": "coordinator",
"value": "Greg Knaddison (greggles)"
},
{
"lang": "en",
"type": "coordinator",
"value": "Jess (xjm)"
}
],
"datePublic": "2025-12-03T18:49:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Permissive Cross-domain Security Policy with Untrusted Domains vulnerability in Drupal Next.Js allows Cross-Site Scripting (XSS).\u003cp\u003eThis issue affects Next.Js: from 0.0.0 before 1.6.4, from 2.0.0 before 2.0.1.\u003c/p\u003e"
}
],
"value": "Permissive Cross-domain Security Policy with Untrusted Domains vulnerability in Drupal Next.Js allows Cross-Site Scripting (XSS).This issue affects Next.Js: from 0.0.0 before 1.6.4, from 2.0.0 before 2.0.1."
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting (XSS)"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-942",
"description": "CWE-942 Permissive Cross-domain Security Policy with Untrusted Domains",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-28T20:02:22.486Z",
"orgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
"shortName": "drupal"
},
"references": [
{
"url": "https://www.drupal.org/sa-contrib-2025-122"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Next.js - Critical - Access bypass - SA-CONTRIB-2025-122",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
"assignerShortName": "drupal",
"cveId": "CVE-2025-13984",
"datePublished": "2026-01-28T20:02:22.486Z",
"dateReserved": "2025-12-03T17:04:25.507Z",
"dateUpdated": "2026-01-29T18:24:28.956Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-25264 (GCVE-0-2025-25264)
Vulnerability from cvelistv5 – Published: 2025-06-16 09:45 – Updated: 2025-11-21 11:36
VLAI
Title
Overly Permissive CORS Policy in WAGO Device Manager
Summary
An unauthenticated remote attacker can trick an admin to visit a website containing malicious java script code. The current overly permissive CORS policy allows the attacker to obtain any files from the file system.
Severity
6.5 (Medium)
CWE
- CWE-942 - Permissive Cross-domain Policy with Untrusted Domains
Assigner
References
1 reference
Impacted products
21 products
| Vendor | Product | Version | |
|---|---|---|---|
| WAGO | CC100 0751-9x01 |
Affected:
0.0.0 , < 04.07.01 (FW29)
(semver)
|
|
| WAGO | CC100 0751-9x01 |
Affected:
0.0.0 , < 04.07.01 (70
(semver)
|
|
| WAGO | PFC100 G1 0750-810x/xxxx-xxxx |
Affected:
0.0.0 , < 3.10.11 (FW22 Patch 2)
(semver)
|
|
| WAGO | PFC100 G2 0750-811x-xxxx-xxxx |
Affected:
0.0.0 , < 04.07.01 (70)
(semver)
|
|
| WAGO | PFC200 G1 750-820x-xxx-xxx |
Affected:
0.0.0 , < 3.10.11 (FW22 Patch 2)
(semver)
|
|
| WAGO | PFC200 G2 750-821x-xxx-xxx |
Affected:
0.0.0 , < 04.07.01 (FW29)
(semver)
|
|
| WAGO | PFC200 G2 750-821x-xxx-xxx |
Affected:
0.0.0 , < 04.07.01 (70)
(semver)
|
|
| WAGO | TP600 0762-420x/8000-000x |
Affected:
0.0.0 , < 04.07.01 (FW29)
(semver)
|
|
| WAGO | TP600 0762-420x/8000-000x |
Affected:
0.0.0 , < 04.07.01 (70)
(semver)
|
|
| WAGO | TP600 0762-430x/8000-000x |
Affected:
0.0.0 , < 04.07.01 (FW29)
(semver)
|
|
| WAGO | TP600 0762-430x/8000-000x |
Affected:
0.0.0 , < 04.07.01 (70)
(semver)
|
|
| WAGO | TP600 0762-520x/8000-000x |
Affected:
0.0.0 , < 04.07.01 (FW29)
(semver)
|
|
| WAGO | TP600 0762-520x/8000-000x |
Affected:
0.0.0 , < 04.07.01 (70)
(semver)
|
|
| WAGO | TP600 0762-530x/8000-000x |
Affected:
0.0.0 , < 04.07.01 (FW29)
(semver)
|
|
| WAGO | TP600 0762-530x/8000-000x |
Affected:
0.0.0 , < 04.07.01 (70)
(semver)
|
|
| WAGO | TP600 0762-620x/8000-000x |
Affected:
0.0.0 , < 04.07.01 (FW29)
(semver)
|
|
| WAGO | TP600 0762-620x/8000-000x |
Affected:
0.0.0 , < 04.07.01 (70)
(semver)
|
|
| WAGO | TP600 0762-630x/8000-000x |
Affected:
0.0.0 , < 04.07.01 (FW29)
(semver)
|
|
| WAGO | TP600 0762-630x/8000-000x |
Affected:
0.0.0 , < 04.07.01 (70)
(semver)
|
|
| WAGO | Edge Controller 0752-8303/8000-0002 |
Affected:
0.0.0 , < 04.07.01 (FW29)
(semver)
|
|
| WAGO | Edge Controller 0752-8303/8000-0002 |
Affected:
0.0.0 , < 04.07.01 (70)
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-25264",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-16T18:15:48.127204Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-16T18:15:58.245Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CC100 0751-9x01",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.07.01 (FW29)",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CC100 0751-9x01",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.07.01 (70",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PFC100 G1 0750-810x/xxxx-xxxx",
"vendor": "WAGO",
"versions": [
{
"lessThan": "3.10.11 (FW22 Patch 2)",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PFC100 G2 0750-811x-xxxx-xxxx",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.07.01 (70)",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PFC200 G1 750-820x-xxx-xxx",
"vendor": "WAGO",
"versions": [
{
"lessThan": "3.10.11 (FW22 Patch 2)",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PFC200 G2 750-821x-xxx-xxx",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.07.01 (FW29)",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PFC200 G2 750-821x-xxx-xxx",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.07.01 (70)",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-420x/8000-000x",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.07.01 (FW29)",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-420x/8000-000x",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.07.01 (70)",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-430x/8000-000x",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.07.01 (FW29)",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-430x/8000-000x",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.07.01 (70)",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-520x/8000-000x",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.07.01 (FW29)",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-520x/8000-000x",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.07.01 (70)",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-530x/8000-000x",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.07.01 (FW29)",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-530x/8000-000x",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.07.01 (70)",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-620x/8000-000x",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.07.01 (FW29)",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-620x/8000-000x",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.07.01 (70)",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-630x/8000-000x",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.07.01 (FW29)",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-630x/8000-000x",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.07.01 (70)",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Edge Controller 0752-8303/8000-0002",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.07.01 (FW29)",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Edge Controller 0752-8303/8000-0002",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.07.01 (70)",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An unauthenticated remote attacker can trick an admin to visit a website containing malicious java script code. The current overly permissive CORS policy allows the attacker to obtain any files from the file system.\u003cbr\u003e"
}
],
"value": "An unauthenticated remote attacker can trick an admin to visit a website containing malicious java script code. The current overly permissive CORS policy allows the attacker to obtain any files from the file system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-942",
"description": "CWE-942 Permissive Cross-domain Policy with Untrusted Domains",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-21T11:36:54.281Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/en/advisories/VDE-2025-018/"
}
],
"source": {
"advisory": "VDE-2025-018",
"defect": [
"CERT@VDE#641748"
],
"discovery": "UNKNOWN"
},
"title": "Overly Permissive CORS Policy in WAGO Device Manager",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-25264",
"datePublished": "2025-06-16T09:45:31.613Z",
"dateReserved": "2025-02-06T12:30:08.317Z",
"dateUpdated": "2025-11-21T11:36:54.281Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-27909 (GCVE-0-2025-27909)
Vulnerability from cvelistv5 – Published: 2025-08-18 14:00 – Updated: 2025-08-18 14:12
VLAI
Title
IBM Concert Software cross-origin resource sharing
Summary
IBM Concert Software 1.0.0 through 1.1.0 uses cross-origin resource sharing (CORS) which could allow an attacker to carry out privileged actions as the domain name is not being limited to only trusted domains.
Severity
5.4 (Medium)
CWE
- CWE-942 - Permissive Cross-domain Policy with Untrusted Domains
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7242354 | vendor-advisorypatch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | Concert Software |
Affected:
1.0.0 , ≤ 1.1.0
(semver)
cpe:2.3:a:ibm:concert:1.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:concert:1.0.1:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27909",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-18T14:12:23.680897Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-18T14:12:36.834Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:concert:1.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:concert:1.0.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Concert Software",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "1.1.0",
"status": "affected",
"version": "1.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Concert Software 1.0.0 through 1.1.0 uses cross-origin resource sharing (CORS) which could allow an attacker to carry out privileged actions as the domain name is not being limited to only trusted domains."
}
],
"value": "IBM Concert Software 1.0.0 through 1.1.0 uses cross-origin resource sharing (CORS) which could allow an attacker to carry out privileged actions as the domain name is not being limited to only trusted domains."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-942",
"description": "CWE-942 Permissive Cross-domain Policy with Untrusted Domains",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-18T14:00:31.751Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7242354"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Concert Software cross-origin resource sharing",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-27909",
"datePublished": "2025-08-18T14:00:31.751Z",
"dateReserved": "2025-03-10T17:14:11.136Z",
"dateUpdated": "2025-08-18T14:12:36.834Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-2865 (GCVE-0-2025-2865)
Vulnerability from cvelistv5 – Published: 2025-03-28 13:24 – Updated: 2025-03-28 14:32
VLAI
Title
Reflected Cross-Site Scripting (XSS) vulnerability in saTECH BCU
Summary
SaTECH BCU, in its firmware version 2.1.3, could allow XSS attacks and other malicious resources to be stored on the web server. An attacker with some knowledge of the web application could send a malicious request to the victim users. Through this request, the victims would interpret the code (resources) stored on another malicious website owned by the attacker.
Severity
CWE
- CWE-942 - Permissive Cross-domain Policy with Untrusted Domains
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Arteche | saTECH BCU |
Affected:
2.1.3
|
Date Public
2025-03-27 11:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2865",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-28T14:32:10.587216Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-28T14:32:18.569Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "saTECH BCU",
"vendor": "Arteche",
"versions": [
{
"status": "affected",
"version": "2.1.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Aar\u00f3n Flecha"
},
{
"lang": "en",
"type": "finder",
"value": "Gabriel V\u00eda Echezarreta"
}
],
"datePublic": "2025-03-27T11:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SaTECH BCU, in its firmware version 2.1.3, could allow XSS attacks and other malicious resources to be stored on the web server. An attacker with some knowledge of the web application could send a malicious request to the victim users. Through this request, the victims would interpret the code (resources) stored on another malicious website owned by the attacker."
}
],
"value": "SaTECH BCU, in its firmware version 2.1.3, could allow XSS attacks and other malicious resources to be stored on the web server. An attacker with some knowledge of the web application could send a malicious request to the victim users. Through this request, the victims would interpret the code (resources) stored on another malicious website owned by the attacker."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 2.4,
"baseSeverity": "LOW",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-942",
"description": "CWE-942: Permissive Cross-domain Policy with Untrusted Domains",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-28T13:24:47.015Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-arteches-satech-bcu"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The vulnerability has been fixed by Arteche in firmware version 2.2.1."
}
],
"value": "The vulnerability has been fixed by Arteche in firmware version 2.2.1."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Reflected Cross-Site Scripting (XSS) vulnerability in saTECH BCU",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2025-2865",
"datePublished": "2025-03-28T13:24:47.015Z",
"dateReserved": "2025-03-27T10:59:45.540Z",
"dateUpdated": "2025-03-28T14:32:18.569Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-30354 (GCVE-0-2025-30354)
Vulnerability from cvelistv5 – Published: 2025-04-01 14:21 – Updated: 2025-04-02 15:54
VLAI
Title
Bruno ignores Safe-Mode in Asserts expressions
Summary
Bruno is an open source IDE for exploring and testing APIs. A bug in the assertion runtime caused assert expressions to run in Developer Mode, even if Safe Mode was selected. The bug resulted in the sandbox settings to be ignored for the particular case where a single request is run/sent. This vulnerability's attack surface is limited strictly to scenarios where users import collections from untrusted or malicious sources. The exploit requires deliberate action from the user—specifically, downloading and opening an externally provided malicious Bruno collection. The vulnerability is fixed in 1.39.1.
Severity
CWE
- CWE-942 - Permissive Cross-domain Policy with Untrusted Domains
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/usebruno/bruno/security/adviso… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-30354",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-02T15:53:55.512512Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-02T15:54:07.928Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "bruno",
"vendor": "usebruno",
"versions": [
{
"status": "affected",
"version": "\u003c 1.39.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Bruno is an open source IDE for exploring and testing APIs. A bug in the assertion runtime caused assert expressions to run in Developer Mode, even if Safe Mode was selected. The bug resulted in the sandbox settings to be ignored for the particular case where a single request is run/sent. This vulnerability\u0027s attack surface is limited strictly to scenarios where users import collections from untrusted or malicious sources. The exploit requires deliberate action from the user\u2014specifically, downloading and opening an externally provided malicious Bruno collection. The vulnerability is fixed in 1.39.1."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "ACTIVE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-942",
"description": "CWE-942: Permissive Cross-domain Policy with Untrusted Domains",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-01T14:21:39.625Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/usebruno/bruno/security/advisories/GHSA-hffg-7v8v-79j3",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/usebruno/bruno/security/advisories/GHSA-hffg-7v8v-79j3"
}
],
"source": {
"advisory": "GHSA-hffg-7v8v-79j3",
"discovery": "UNKNOWN"
},
"title": "Bruno ignores Safe-Mode in Asserts expressions"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-30354",
"datePublished": "2025-04-01T14:21:39.625Z",
"dateReserved": "2025-03-21T14:12:06.270Z",
"dateUpdated": "2025-04-02T15:54:07.928Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-41010 (GCVE-0-2025-41010)
Vulnerability from cvelistv5 – Published: 2025-10-02 12:22 – Updated: 2025-10-02 15:52
VLAI
Title
Cross-origin resource sharing (CORS) in Hiberus Sintra
Summary
Incorrect Cross-Origin Resource Sharing (CORS) configuration in Hiberus Sintra. Cross-Origin Resource Sharing (CORS) allows browsers to make cross-domain requests in a controlled manner. This request has an “Origin” header that identifies the domain making the initial request and defines the protocol between a browser and a server to see if the request is allowed. An attacker can exploit this and potentially perform privileged actions and access confidential information when Access-Control-Allow-Credentials is enabled.
Severity
CWE
- CWE-942 - Permissive Cross-domain Security Policy with Untrusted Domains
Assigner
References
1 reference
Date Public
2025-10-02 12:16
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41010",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-02T15:13:55.558386Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-02T15:52:28.607Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Sintra",
"vendor": "Hiberus",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Manuel Gomez Argando\u00f1a"
}
],
"datePublic": "2025-10-02T12:16:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Incorrect Cross-Origin Resource Sharing (CORS) configuration in Hiberus Sintra. Cross-Origin Resource Sharing (CORS) allows browsers to make cross-domain requests in a controlled manner. This request has an \u201cOrigin\u201d header that identifies the domain making the initial request and defines the protocol between a browser and a server to see if the request is allowed. An attacker can exploit this and potentially perform privileged actions and access confidential information when Access-Control-Allow-Credentials is enabled."
}
],
"value": "Incorrect Cross-Origin Resource Sharing (CORS) configuration in Hiberus Sintra. Cross-Origin Resource Sharing (CORS) allows browsers to make cross-domain requests in a controlled manner. This request has an \u201cOrigin\u201d header that identifies the domain making the initial request and defines the protocol between a browser and a server to see if the request is allowed. An attacker can exploit this and potentially perform privileged actions and access confidential information when Access-Control-Allow-Credentials is enabled."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-942",
"description": "CWE-942 Permissive Cross-domain Security Policy with Untrusted Domains",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-02T12:22:32.030Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/cross-origin-resource-sharing-cors-hiberus-sintra"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNo solution has been reported at this time.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "No solution has been reported at this time."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Cross-origin resource sharing (CORS) in Hiberus Sintra",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2025-41010",
"datePublished": "2025-10-02T12:22:32.030Z",
"dateReserved": "2025-04-16T09:08:43.217Z",
"dateUpdated": "2025-10-02T15:52:28.607Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-41363 (GCVE-0-2025-41363)
Vulnerability from cvelistv5 – Published: 2025-06-06 11:47 – Updated: 2025-06-06 14:19
VLAI
Title
CORS vulnerability in IDF and ZLF
Summary
In IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04, a configuration error has been detected in cross-origin resource sharing (CORS). Exploiting this vulnerability requires authenticating to the device and executing certain commands that can be executed with view permission.
Severity
CWE
- CWE-942 - Permissive Cross-domain Policy with Untrusted Domains
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ZIV | IDF and ZLF |
Affected:
0 , < 1.1.0
(custom)
|
Date Public
2025-06-05 10:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41363",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-06T14:17:56.772252Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-06T14:19:23.725Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IDF and ZLF",
"vendor": "ZIV",
"versions": [
{
"lessThan": "1.1.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Aar\u00f3n Flecha Men\u00e9ndez"
},
{
"lang": "en",
"type": "finder",
"value": "Gabriel V\u00eda Echezarreta"
}
],
"datePublic": "2025-06-05T10:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04, a configuration error has been detected in cross-origin resource sharing (CORS). Exploiting this vulnerability requires authenticating to the device and executing certain commands that can be executed with view permission."
}
],
"value": "In IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04, a configuration error has been detected in cross-origin resource sharing (CORS). Exploiting this vulnerability requires authenticating to the device and executing certain commands that can be executed with view permission."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-942",
"description": "CWE-942: Permissive Cross-domain Policy with Untrusted Domains",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-06T11:47:55.640Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-zivs-idf-and-zlf-products"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The vulnerability has been fixed by ZIV in firmware version\u0026nbsp;1.1.0.\u003cbr\u003e"
}
],
"value": "The vulnerability has been fixed by ZIV in firmware version\u00a01.1.0."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "CORS vulnerability in IDF and ZLF",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2025-41363",
"datePublished": "2025-06-06T11:47:55.640Z",
"dateReserved": "2025-04-16T09:57:04.872Z",
"dateUpdated": "2025-06-06T14:19:23.725Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-41366 (GCVE-0-2025-41366)
Vulnerability from cvelistv5 – Published: 2025-06-06 11:50 – Updated: 2025-06-06 12:51
VLAI
Title
CORS vulnerability in IDF and ZLF
Summary
In IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04, a configuration error has been detected in cross-origin resource sharing (CORS). Exploiting this vulnerability requires authenticating to the device and executing certain commands that can only be executed with permissions higher than the view permission.
Severity
CWE
- CWE-942 - Permissive Cross-domain Policy with Untrusted Domains
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ZIV | IDF and ZLF |
Affected:
0 , < 1.1.0
(custom)
|
Date Public
2025-06-05 10:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41366",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-06T12:50:24.964218Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-06T12:51:02.198Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IDF and ZLF",
"vendor": "ZIV",
"versions": [
{
"lessThan": "1.1.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Aar\u00f3n Flecha Men\u00e9ndez"
},
{
"lang": "en",
"type": "finder",
"value": "Gabriel V\u00eda Echezarreta"
}
],
"datePublic": "2025-06-05T10:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04, a configuration error has been detected in cross-origin resource sharing (CORS). Exploiting this vulnerability requires authenticating to the device and executing certain commands that can only be executed with permissions higher than the view permission."
}
],
"value": "In IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04, a configuration error has been detected in cross-origin resource sharing (CORS). Exploiting this vulnerability requires authenticating to the device and executing certain commands that can only be executed with permissions higher than the view permission."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-942",
"description": "CWE-942: Permissive Cross-domain Policy with Untrusted Domains",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-06T11:50:42.685Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-zivs-idf-and-zlf-products"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The vulnerability has been fixed by ZIV in firmware version\u0026nbsp;1.1.0.\u003cbr\u003e"
}
],
"value": "The vulnerability has been fixed by ZIV in firmware version\u00a01.1.0."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "CORS vulnerability in IDF and ZLF",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2025-41366",
"datePublished": "2025-06-06T11:50:42.685Z",
"dateReserved": "2025-04-16T09:57:06.079Z",
"dateUpdated": "2025-06-06T12:51:02.198Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-4515 (GCVE-0-2025-4515)
Vulnerability from cvelistv5 – Published: 2025-05-10 20:31 – Updated: 2025-05-12 14:39
VLAI
Title
Zylon PrivateGPT settings.yaml cross-domain policy
Summary
A vulnerability, which was classified as problematic, was found in Zylon PrivateGPT up to 0.6.2. This affects an unknown part of the file settings.yaml. The manipulation of the argument allow_origins leads to permissive cross-domain policy with untrusted domains. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
4.3 (Medium)
4.3 (Medium)
CWE
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.308235 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.308235 | signaturepermissions-required |
| https://vuldb.com/?submit.564451 | third-party-advisory |
| https://gist.github.com/superboy-zjc/2a727cb0c1d4… | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Zylon | PrivateGPT |
Affected:
0.6.0
Affected: 0.6.1 Affected: 0.6.2 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4515",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-12T14:39:38.291533Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-12T14:39:41.539Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://gist.github.com/superboy-zjc/2a727cb0c1d468f21a91e0416d006ffe"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "PrivateGPT",
"vendor": "Zylon",
"versions": [
{
"status": "affected",
"version": "0.6.0"
},
{
"status": "affected",
"version": "0.6.1"
},
{
"status": "affected",
"version": "0.6.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jiacheng Gavin Zhong"
},
{
"lang": "en",
"type": "finder",
"value": "Zhengyu Liu"
},
{
"lang": "en",
"type": "reporter",
"value": "Gavin Zhong (VulDB User)"
},
{
"lang": "en",
"type": "analyst",
"value": "Gavin Zhong (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, was found in Zylon PrivateGPT up to 0.6.2. This affects an unknown part of the file settings.yaml. The manipulation of the argument allow_origins leads to permissive cross-domain policy with untrusted domains. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Es wurde eine problematische Schwachstelle in Zylon PrivateGPT bis 0.6.2 gefunden. Es betrifft eine unbekannte Funktion der Datei settings.yaml. Durch Manipulation des Arguments allow_origins mit unbekannten Daten kann eine permissive cross-domain policy with untrusted domains-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-942",
"description": "Permissive Cross-domain Policy with Untrusted Domains",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-346",
"description": "Origin Validation Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-10T20:31:04.532Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-308235 | Zylon PrivateGPT settings.yaml cross-domain policy",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.308235"
},
{
"name": "VDB-308235 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.308235"
},
{
"name": "Submit #564451 | PrivateGPT 0.6.2 CWE-942: Permissive Cross-domain Policy with Untrusted Domains",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.564451"
},
{
"tags": [
"exploit"
],
"url": "https://gist.github.com/superboy-zjc/2a727cb0c1d468f21a91e0416d006ffe"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-05-09T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-05-09T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-05-09T23:52:11.000Z",
"value": "VulDB entry last update"
}
],
"title": "Zylon PrivateGPT settings.yaml cross-domain policy"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-4515",
"datePublished": "2025-05-10T20:31:04.532Z",
"dateReserved": "2025-05-09T14:54:41.437Z",
"dateUpdated": "2025-05-12T14:39:41.539Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Phases: Architecture and Design, Operation
Strategy: Attack Surface Reduction
Description:
- Define a restrictive Content Security Policy [REF-1486] or cross-domain policy file.
Mitigation
Phases: Architecture and Design, Operation
Strategy: Attack Surface Reduction
Description:
- Avoid using wildcards in the CSP / cross-domain policy file. Any domain matching the wildcard expression will be implicitly trusted, and can perform two-way interaction with the target server.
Mitigation
Phases: Architecture and Design, Operation
Strategy: Environment Hardening
Description:
- For Flash, modify crossdomain.xml to use meta-policy options such as 'master-only' or 'none' to reduce the possibility of an attacker planting extraneous cross-domain policy files on a server.
No CAPEC attack patterns related to this CWE.