cvelistv5 - cve-2025-59845

CVE-2025-59845 (GCVE-0-2025-59845)

Vulnerability from cvelistv5 – Published: 2025-09-26 22:38 – Updated: 2025-09-29 15:02

Summary

Apollo Studio Embeddable Explorer & Embeddable Sandbox are website embeddable software solutions from Apollo GraphQL. Prior to Apollo Sandbox version 2.7.2 and Apollo Explorer version 3.7.3, a cross-site request forgery (CSRF) vulnerability was identified. The vulnerability arises from missing origin validation in the client-side code that handles window.postMessage events. A malicious website can send forged messages to the embedding page, causing the victim’s browser to execute arbitrary GraphQL queries or mutations against their GraphQL server while authenticated with the victim’s cookies. This issue has been patched in Apollo Sandbox version 2.7.2 and Apollo Explorer version 3.7.3.

Severity ?

8.2 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N

CWE

CWE-346 - Origin Validation Error
CWE-352 - Cross-Site Request Forgery (CSRF)

Assigner

GitHub_M

References

URL

Tags

https://github.com/apollographql/embeddable-explo…

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	apollographql	embeddable-explorer	Affected: < 2.7.2 Affected: < 3.7.3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-59845",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-29T15:01:34.408985Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-29T15:02:04.057Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "embeddable-explorer",
          "vendor": "apollographql",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 2.7.2"
            },
            {
              "status": "affected",
              "version": "\u003c 3.7.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Apollo Studio Embeddable Explorer \u0026 Embeddable Sandbox are website embeddable software solutions from Apollo GraphQL. Prior to Apollo Sandbox version 2.7.2 and Apollo Explorer version 3.7.3, a cross-site request forgery (CSRF) vulnerability was identified. The vulnerability arises from missing origin validation in the client-side code that handles window.postMessage events. A malicious website can send forged messages to the embedding page, causing the victim\u2019s browser to execute arbitrary GraphQL queries or mutations against their GraphQL server while authenticated with the victim\u2019s cookies. This issue has been patched in Apollo Sandbox version 2.7.2 and Apollo Explorer version 3.7.3."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-346",
              "description": "CWE-346: Origin Validation Error",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-352",
              "description": "CWE-352: Cross-Site Request Forgery (CSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-26T22:38:57.350Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/apollographql/embeddable-explorer/security/advisories/GHSA-w87v-7w53-wwxv",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/apollographql/embeddable-explorer/security/advisories/GHSA-w87v-7w53-wwxv"
        }
      ],
      "source": {
        "advisory": "GHSA-w87v-7w53-wwxv",
        "discovery": "UNKNOWN"
      },
      "title": "Apollo Embedded Sandbox and Explorer vulnerable to CSRF via window.postMessage origin-validation bypass"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-59845",
    "datePublished": "2025-09-26T22:38:57.350Z",
    "dateReserved": "2025-09-22T14:34:03.472Z",
    "dateUpdated": "2025-09-29T15:02:04.057Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-59845\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-09-26T23:15:31.640\",\"lastModified\":\"2025-09-29T19:34:10.030\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Apollo Studio Embeddable Explorer \u0026 Embeddable Sandbox are website embeddable software solutions from Apollo GraphQL. Prior to Apollo Sandbox version 2.7.2 and Apollo Explorer version 3.7.3, a cross-site request forgery (CSRF) vulnerability was identified. The vulnerability arises from missing origin validation in the client-side code that handles window.postMessage events. A malicious website can send forged messages to the embedding page, causing the victim\u2019s browser to execute arbitrary GraphQL queries or mutations against their GraphQL server while authenticated with the victim\u2019s cookies. This issue has been patched in Apollo Sandbox version 2.7.2 and Apollo Explorer version 3.7.3.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N\",\"baseScore\":8.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":4.7}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-346\"},{\"lang\":\"en\",\"value\":\"CWE-352\"}]}],\"references\":[{\"url\":\"https://github.com/apollographql/embeddable-explorer/security/advisories/GHSA-w87v-7w53-wwxv\",\"source\":\"security-advisories@github.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-59845\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-09-29T15:01:34.408985Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-09-29T15:01:40.967Z\"}}], \"cna\": {\"title\": \"Apollo Embedded Sandbox and Explorer vulnerable to CSRF via window.postMessage origin-validation bypass\", \"source\": {\"advisory\": \"GHSA-w87v-7w53-wwxv\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 8.2, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}}], \"affected\": [{\"vendor\": \"apollographql\", \"product\": \"embeddable-explorer\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 2.7.2\"}, {\"status\": \"affected\", \"version\": \"\u003c 3.7.3\"}]}], \"references\": [{\"url\": \"https://github.com/apollographql/embeddable-explorer/security/advisories/GHSA-w87v-7w53-wwxv\", \"name\": \"https://github.com/apollographql/embeddable-explorer/security/advisories/GHSA-w87v-7w53-wwxv\", \"tags\": [\"x_refsource_CONFIRM\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Apollo Studio Embeddable Explorer \u0026 Embeddable Sandbox are website embeddable software solutions from Apollo GraphQL. Prior to Apollo Sandbox version 2.7.2 and Apollo Explorer version 3.7.3, a cross-site request forgery (CSRF) vulnerability was identified. The vulnerability arises from missing origin validation in the client-side code that handles window.postMessage events. A malicious website can send forged messages to the embedding page, causing the victim\\u2019s browser to execute arbitrary GraphQL queries or mutations against their GraphQL server while authenticated with the victim\\u2019s cookies. This issue has been patched in Apollo Sandbox version 2.7.2 and Apollo Explorer version 3.7.3.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-346\", \"description\": \"CWE-346: Origin Validation Error\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-352\", \"description\": \"CWE-352: Cross-Site Request Forgery (CSRF)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-09-26T22:38:57.350Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-59845\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-09-29T15:02:04.057Z\", \"dateReserved\": \"2025-09-22T14:34:03.472Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2025-09-26T22:38:57.350Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GHSA-W87V-7W53-WWXV

Vulnerability from github – Published: 2025-09-26 15:00 – Updated: 2025-09-29 14:03

Summary

Apollo Embedded Sandbox and Explorer vulnerable to CSRF via window.postMessage origin-validation bypass

Details

Impact

A Cross-Site Request Forgery (CSRF) vulnerability was identified in Apollo’s Embedded Sandbox and Embedded Explorer.

The vulnerability arises from missing origin validation in the client-side code that handles window.postMessage events. A malicious website can send forged messages to the embedding page, causing the victim’s browser to execute arbitrary GraphQL queries or mutations against their GraphQL server while authenticated with the victim’s cookies.

Who is impacted

Anyone embedding Apollo Sandbox or Apollo Explorer in their website may have been affected by this vulnerability.

Users who embed Apollo Sandbox or Apollo Explorer in their websites via npm packages (@apollo/sandbox and @apollo/explorer) or direct links to Apollo’s CDN.
Users running Apollo Router with embedded Sandbox enabled. This served the vulnerable code from Apollo’s CDN.
Users running Apollo Server with embedded Sandbox or Explorer enabled. Embedded Sandbox is enabled by default when NODE_ENV is not set to production, and embedded Sandbox and Explorer can also be enabled in production mode via landing page plugins. This served the vulnerable code from Apollo’s CDN.

While all of the above methods of serving Embedded Sandbox and Explorer were vulnerable, Apollo has already updated its CDN to remove all vulnerable versions. Unless you install the npm package @apollo/sandbox or @apollo/explorer directly into your website’s front end code, no action is necessary: the vulnerability has already been mitigated.

Users who do not embed Sandbox/Explorer on their websites, or who only run Apollo Router/Server with production defaults were never impacted. The use of non-embedded Sandbox and Explorer hosted on studio.apollographql.com is not vulnerable.

Scope of impact

The vulnerability allows a malicious website to open the vulnerable website in a new window and force it to send GraphQL requests to its origin. The requests themselves are not "cross-origin" as they are directly issued from the vulnerable website, but their contents are dictated by the malicious website.

The malicious website cannot read the responses to the GraphQL operations, but the operations may be mutations with side effects (such as using credentials to update app-specific data access controls). These operations can contain the browser user's cookies, and the vulnerable website may be on a private network otherwise inaccessible to the attacker. Operations sent this way look and exactly like legitimate operations sent by a human interacting with the embedded Sandbox or Explorer.

Patches

The issue has been fixed by adding strict origin validation to DOM message handling.

@apollo/sandbox: Patched in v2.7.2 and later
@apollo/explorer: Patched in v3.7.3 and later
Apollo’s CDN embeds have been updated to patched versions. This protects embeds based on <script> tags pointing to Apollo’s CDN, as well as the Apollo Router and Apollo Server features. No action is necessary to adopt the fix in this case.

If you manually edited the <script> tag provided by the Explorer or Sandbox UI to replace the version string _latest, v2, or v3 with a specific git-style SHA, you may find that the Explorer or Sandbox UI does not currently load. To fix this, use a supported URL instead, as documented for Sandbox or Explorer. (The third-party Go GraphQL server gqlgen provides a function ApolloSandboxHandler which serves an unsupported URL and was broken by our mitigations; upgrading to gqlgen v0.17.81 will resolve this issue.)

Workarounds

If you are using Apollo Server, ensure NODE_ENV=production is set in production to avoid unintentionally serving embedded Sandbox.
Customers not using embedded Sandbox/Explorer are not affected and do not need to take action.

References

Severity ?

8.2 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "@apollo/sandbox"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.7.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@apollo/explorer"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.7.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-59845"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-346",
      "CWE-352"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-09-26T15:00:05Z",
    "nvd_published_at": "2025-09-26T23:15:31Z",
    "severity": "HIGH"
  },
  "details": "### Impact\n\nA **Cross-Site Request Forgery (CSRF)** vulnerability was identified in Apollo\u2019s **Embedded Sandbox** and **Embedded Explorer**.\n\nThe vulnerability arises from missing origin validation in the client-side code that handles `window.postMessage` events. A malicious website can send forged messages to the embedding page, causing the victim\u2019s browser to execute arbitrary GraphQL queries or mutations against their GraphQL server while authenticated with the victim\u2019s cookies.\n\n#### Who is impacted\n\nAnyone embedding [Apollo Sandbox](https://www.apollographql.com/docs/graphos/platform/sandbox#embedding-sandbox) or [Apollo Explorer](https://www.apollographql.com/docs/graphos/platform/explorer/embed) in their website may have been affected by this vulnerability.\n\n- Users who embed Apollo Sandbox or Apollo Explorer in their websites via npm packages (`@apollo/sandbox` and `@apollo/explorer`) or direct links to Apollo\u2019s CDN.\n- Users running Apollo Router with [embedded Sandbox enabled](https://www.apollographql.com/docs/graphos/routing/configuration/yaml#sandbox). This served the vulnerable code from Apollo\u2019s CDN.\n- Users running Apollo Server with embedded Sandbox or Explorer enabled. Embedded Sandbox is enabled by default when `NODE_ENV` is not set to `production`, and embedded Sandbox and Explorer can also be enabled in production mode via [landing page plugins](https://www.apollographql.com/docs/apollo-server/api/plugin/landing-pages). This served the vulnerable code from Apollo\u2019s CDN.\n\nWhile all of the above methods of serving Embedded Sandbox and Explorer were vulnerable, Apollo has already updated its CDN to remove all vulnerable versions. **Unless you install the npm package `@apollo/sandbox` or `@apollo/explorer` directly into your website\u2019s front end code, no action is necessary: the vulnerability has already been mitigated.**\n\nUsers who do not embed Sandbox/Explorer on their websites, or who only run Apollo Router/Server with production defaults were never impacted. The use of non-embedded Sandbox and Explorer hosted on [studio.apollographql.com](http://studio.apollographql.com/) is not vulnerable.\n\n\n#### Scope of impact\n\nThe vulnerability allows a malicious website to open the vulnerable website in a new window and force it to send GraphQL requests to its origin. The requests themselves are not \"cross-origin\" as they are directly issued from the vulnerable website, but their contents are dictated by the malicious website.\n\nThe malicious website cannot read the responses to the GraphQL operations, but the operations may be mutations with side effects (such as using credentials to update app-specific data access controls). These operations can contain the browser user\u0027s cookies, and the vulnerable website may be on a private network otherwise inaccessible to the attacker. Operations sent this way look and exactly like legitimate operations sent by a human interacting with the embedded Sandbox or Explorer.\n\n### Patches\n\nThe issue has been fixed by adding strict origin validation to DOM message handling.\n\n- `@apollo/sandbox`: Patched in v2.7.2 and later\n- `@apollo/explorer`: Patched in v3.7.3 and later\n- Apollo\u2019s CDN embeds have been updated to patched versions. This protects embeds based on `\u003cscript\u003e` tags pointing to Apollo\u2019s CDN, as well as the Apollo Router and Apollo Server features. No action is necessary to adopt the fix in this case.\n\nIf you manually edited the `\u003cscript\u003e` tag provided by the Explorer or Sandbox UI to replace the version string `_latest`, `v2`, or `v3` with a specific git-style SHA, you may find that the Explorer or Sandbox UI does not currently load. To fix this, use a supported URL instead, as documented for [Sandbox](https://www.apollographql.com/docs/graphos/platform/sandbox#embedding-sandbox) or [Explorer](https://www.apollographql.com/docs/graphos/platform/explorer/embed). (The third-party Go GraphQL server [gqlgen](https://github.com/99designs/gqlgen) provides a function ApolloSandboxHandler which serves an unsupported URL and was broken by our mitigations; upgrading to [gqlgen v0.17.81](https://github.com/99designs/gqlgen/releases/tag/v0.17.81) will resolve this issue.)\n\n### Workarounds\n\n- If you are using Apollo Server, ensure `NODE_ENV=production` is set in production to avoid unintentionally serving embedded Sandbox.\n- Customers not using embedded Sandbox/Explorer are not affected and do not need to take action.\n\n\n### References\n\n- [Apollo Server CSRF Documentation](https://www.apollographql.com/docs/apollo-server/security/cors#preventing-cross-site-request-forgery-csrf)\n- [Apollo Router Sandbox Configuration](https://www.apollographql.com/docs/graphos/routing/configuration/yaml#sandbox)\n- [Apollo Explorer Embed Documentation](https://www.apollographql.com/docs/graphos/platform/explorer/embed)",
  "id": "GHSA-w87v-7w53-wwxv",
  "modified": "2025-09-29T14:03:00Z",
  "published": "2025-09-26T15:00:05Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/apollographql/embeddable-explorer/security/advisories/GHSA-w87v-7w53-wwxv"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59845"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apollographql/embeddable-explorer"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Apollo Embedded Sandbox and Explorer vulnerable to CSRF via window.postMessage origin-validation bypass"
}

FKIE_CVE-2025-59845

Vulnerability from fkie_nvd - Published: 2025-09-26 23:15 - Updated: 2025-09-29 19:34

Severity ?

8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N

Summary

References

	URL	Tags
	security-advisories@github.com	https://github.com/apollographql/embeddable-explorer/security/advisories/GHSA-w87v-7w53-wwxv

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Apollo Studio Embeddable Explorer \u0026 Embeddable Sandbox are website embeddable software solutions from Apollo GraphQL. Prior to Apollo Sandbox version 2.7.2 and Apollo Explorer version 3.7.3, a cross-site request forgery (CSRF) vulnerability was identified. The vulnerability arises from missing origin validation in the client-side code that handles window.postMessage events. A malicious website can send forged messages to the embedding page, causing the victim\u2019s browser to execute arbitrary GraphQL queries or mutations against their GraphQL server while authenticated with the victim\u2019s cookies. This issue has been patched in Apollo Sandbox version 2.7.2 and Apollo Explorer version 3.7.3."
    }
  ],
  "id": "CVE-2025-59845",
  "lastModified": "2025-09-29T19:34:10.030",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 8.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "LOW",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 4.7,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-09-26T23:15:31.640",
  "references": [
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/apollographql/embeddable-explorer/security/advisories/GHSA-w87v-7w53-wwxv"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-346"
        },
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-59845 (GCVE-0-2025-59845)

GHSA-W87V-7W53-WWXV

Impact

Who is impacted

Scope of impact

Patches

Workarounds

References

FKIE_CVE-2025-59845

Tags

Sightings

Nomenclature