FKIE_CVE-2025-23086
Vulnerability from fkie_nvd - Published: 2025-01-21 05:15 - Updated: 2025-03-22 14:15
Severity: MEDIUM (CVSS v3.1 base score 6.1, from the secondary scoring source listed in the record below)
Summary
On most desktop platforms, Brave Browser versions 1.70.x-1.73.x included a feature to show a site's origin on the OS-provided file selector dialog when a site prompts the user to upload or download a file. However the origin was not correctly inferred in some cases. When combined with an open redirector vulnerability on a trusted site, this could allow a malicious site to initiate a download whose origin in the file select dialog appears as the trusted site which initiated the redirect.
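The mis-attribution described in the summary, as an added illustration that is not Brave's code and is not taken from the HackerOne report: a model redirect chain running from a trusted site's open redirector to an attacker-controlled host, the flawed labelling that takes the origin of the request which initiated the download, the correct labelling that takes the origin of the final response, and the allowlist check an open redirector on the trusted site would need to defeat the CWE-601 half of the chain. The hostnames, the `u` parameter and the file names are constructed placeholders.

```javascript
// Added illustration (not Brave's code): how a download's displayed origin can be
// mis-attributed across an open redirect, and how to attribute it correctly.
// All URLs below are constructed placeholders.

// A redirect chain as the network stack observes it: one entry per hop.
// Constructed sample: a trusted site's open redirector bounces to an attacker host.
const sampleChain = [
  { url: "https://trusted.example/redirect?u=https%3A%2F%2Fevil.example%2Fpayload.exe", status: 302 },
  { url: "https://evil.example/payload.exe", status: 200 },
];

// Flawed attribution: label the dialog with the origin of the request that started
// the download. After an open redirect that is the trusted site, not the real source.
function originFromInitiator(chain) {
  return new URL(chain[0].url).origin;
}

// Correct attribution: the origin of the final (non-redirect) response, i.e. the host
// that actually served the bytes the user is about to save.
function originFromFinalResponse(chain) {
  const last = chain[chain.length - 1];
  if (last.status >= 300 && last.status < 400) {
    throw new Error("redirect chain did not terminate in a final response");
  }
  return new URL(last.url).origin;
}

// Defence on the trusted site's side (CWE-601): only honour redirect targets that
// resolve to the site's own origin, so the u parameter cannot point at a third party.
function safeRedirectTarget(param, siteOrigin) {
  let target;
  try {
    target = new URL(param, siteOrigin); // relative paths resolve against the site itself
  } catch {
    return "/"; // unparsable input: fall back to the landing page
  }
  // Rejects absolute foreign URLs, protocol-relative //host/ forms and scheme
  // switches such as javascript: (whose origin is the opaque string "null").
  if (target.origin !== siteOrigin) return "/";
  return target.pathname + target.search + target.hash;
}

// Driver for stand-alone runs with node.
if (typeof require !== "undefined" && require.main === module) {
  console.log("initiator-based label :", originFromInitiator(sampleChain));
  console.log("final-response label  :", originFromFinalResponse(sampleChain));
  console.log(safeRedirectTarget("https://evil.example/payload.exe", "https://trusted.example"));
  console.log(safeRedirectTarget("/downloads/report.pdf?id=7", "https://trusted.example"));
}
```

The contrast is the whole point: the initiating origin is exactly what an attacker controls the meaning of through an open redirect, so any user-facing label on a save or upload dialog has to be derived from the response that actually delivers the file, and the trusted site's redirector should refuse to leave its own origin in the first place.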
References
- https://hackerone.com/reports/2888770 (source: support@hackerone.com)
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Brave | Brave Browser | 1.70.x - 1.73.x (desktop, per the description; no CPE configurations attached yet, record status "Awaiting Analysis") |
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "On most desktop platforms, Brave Browser versions 1.70.x-1.73.x included a feature to show a site\u0027s origin on the OS-provided file selector dialog when a site prompts the user to upload or download a file. However the origin was not correctly inferred in some cases. When combined with an open redirector vulnerability on a trusted site, this could allow a malicious site to initiate a download whose origin in the file select dialog appears as the trusted site which initiated the redirect."
},
{
"lang": "es",
"value": "En la mayor\u00eda de las plataformas de escritorio, las versiones 1.70.x-1.73.x de Brave Browser inclu\u00edan una funci\u00f3n para mostrar el origen de un sitio en el cuadro de di\u00e1logo de selecci\u00f3n de archivos proporcionado por el sistema operativo cuando un sitio solicita al usuario que cargue o descargue un archivo. Sin embargo, en algunos casos, el origen no se dedujo correctamente. Cuando se combina con una vulnerabilidad de redireccionamiento abierto en un sitio confiable, esto podr\u00eda permitir que un sitio malicioso inicie una descarga cuyo origen en el cuadro de di\u00e1logo de selecci\u00f3n de archivos aparece como el sitio confiable que inici\u00f3 la redirecci\u00f3n."
}
],
"id": "CVE-2025-23086",
"lastModified": "2025-03-22T14:15:16.360",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-01-21T05:15:07.960",
"references": [
{
"source": "support@hackerone.com",
"url": "https://hackerone.com/reports/2888770"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Awaiting Analysis",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.