CVE-2025-50864 (GCVE-0-2025-50864)

Vulnerability from cvelistv5 – Published: 2025-08-20 00:00 – Updated: 2025-08-21 14:49
VLAI?
Summary
An Origin Validation Error in the elysia-cors library thru 1.3.0 allows attackers to bypass Cross-Origin Resource Sharing (CORS) restrictions. The library incorrectly validates the supplied origin by checking if it is a substring of any domain in the site's CORS policy, rather than performing an exact match. For example, a malicious origin like "notexample.com", "example.common.net" is whitelisted when the site's CORS policy specifies "example.com." This vulnerability enables unauthorized access to user data on sites using the elysia-cors library for CORS validation.
Severity ?
6.5 (Medium)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 6.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-50864",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-21T13:28:23.333748Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-178",
                "description": "CWE-178 Improper Handling of Case Sensitivity",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-21T14:49:11.664Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An Origin Validation Error in the elysia-cors library thru 1.3.0 allows attackers to bypass Cross-Origin Resource Sharing (CORS) restrictions. The library incorrectly validates the supplied origin by checking if it is a substring of any domain in the site\u0027s CORS policy, rather than performing an exact match. For example, a malicious origin like \"notexample.com\", \"example.common.net\" is whitelisted when the site\u0027s CORS policy specifies \"example.com.\" This vulnerability enables unauthorized access to user data on sites using the elysia-cors library for CORS validation."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-20T14:50:57.775Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "http://elysiajs.com"
        },
        {
          "url": "https://github.com/elysiajs/elysia-cors/blob/main/src/index.ts"
        },
        {
          "url": "https://github.com/elysiajs/elysia-cors/tree/main"
        },
        {
          "url": "https://medium.com/@raghavagrawal_23036/cors-bypass-in-popular-opensource-library-ad27fb41e16a"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2025-50864",
    "datePublished": "2025-08-20T00:00:00.000Z",
    "dateReserved": "2025-06-16T00:00:00.000Z",
    "dateUpdated": "2025-08-21T14:49:11.664Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-50864\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2025-08-20T15:15:32.990\",\"lastModified\":\"2025-08-22T18:09:17.710\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An Origin Validation Error in the elysia-cors library thru 1.3.0 allows attackers to bypass Cross-Origin Resource Sharing (CORS) restrictions. The library incorrectly validates the supplied origin by checking if it is a substring of any domain in the site\u0027s CORS policy, rather than performing an exact match. For example, a malicious origin like \\\"notexample.com\\\", \\\"example.common.net\\\" is whitelisted when the site\u0027s CORS policy specifies \\\"example.com.\\\" This vulnerability enables unauthorized access to user data on sites using the elysia-cors library for CORS validation.\"},{\"lang\":\"es\",\"value\":\"Un error de validaci\u00f3n de origen en elysia-cors library hasta la versi\u00f3n 1.3.0 permite a los atacantes eludir las restricciones de Cross-Origin Resource Sharing (CORS). La librer\u00eda valida incorrectamente el origen proporcionado comprobando si es una subcadena de alg\u00fan dominio en la pol\u00edtica CORS del sitio, en lugar de realizar una coincidencia exacta. Por ejemplo, un origen malicioso como \\\"notexample.com\\\" o \\\"example.common.net\\\" se incluye en la lista blanca cuando la pol\u00edtica CORS del sitio especifica \\\"example.com\\\". Esta vulnerabilidad permite el acceso no autorizado a los datos de usuario en sitios que utilizan la librer\u00eda elysia-cors para la validaci\u00f3n CORS.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-178\"}]}],\"references\":[{\"url\":\"http://elysiajs.com\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://github.com/elysiajs/elysia-cors/blob/main/src/index.ts\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://github.com/elysiajs/elysia-cors/tree/main\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://medium.com/@raghavagrawal_23036/cors-bypass-in-popular-opensource-library-ad27fb41e16a\",\"source\":\"cve@mitre.org\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-50864\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-08-21T13:28:23.333748Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-178\", \"description\": \"CWE-178 Improper Handling of Case Sensitivity\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-08-21T13:28:26.889Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"references\": [{\"url\": \"http://elysiajs.com\"}, {\"url\": \"https://github.com/elysiajs/elysia-cors/blob/main/src/index.ts\"}, {\"url\": \"https://github.com/elysiajs/elysia-cors/tree/main\"}, {\"url\": \"https://medium.com/@raghavagrawal_23036/cors-bypass-in-popular-opensource-library-ad27fb41e16a\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"An Origin Validation Error in the elysia-cors library thru 1.3.0 allows attackers to bypass Cross-Origin Resource Sharing (CORS) restrictions. The library incorrectly validates the supplied origin by checking if it is a substring of any domain in the site\u0027s CORS policy, rather than performing an exact match. For example, a malicious origin like \\\"notexample.com\\\", \\\"example.common.net\\\" is whitelisted when the site\u0027s CORS policy specifies \\\"example.com.\\\" This vulnerability enables unauthorized access to user data on sites using the elysia-cors library for CORS validation.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2025-08-20T14:50:57.775Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-50864\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-08-21T14:49:11.664Z\", \"dateReserved\": \"2025-06-16T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2025-08-20T00:00:00.000Z\", \"assignerShortName\": \"mitre\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.