Common Weakness Enumeration

CWE-942

Allowed

Permissive Cross-domain Security Policy with Untrusted Domains

Abstraction: Variant · Status: Incomplete

The product uses a web-client protection mechanism such as a Content Security Policy (CSP) or cross-domain policy file, but the policy includes untrusted domains with which the web client is allowed to communicate.

176 vulnerabilities reference this CWE, most recent first.

CVE-2025-41010 (GCVE-0-2025-41010)

Vulnerability from cvelistv5 – Published: 2025-10-02 12:22 – Updated: 2025-10-02 15:52
VLAI
Title
Cross-origin resource sharing (CORS) in Hiberus Sintra
Summary
Incorrect Cross-Origin Resource Sharing (CORS) configuration in Hiberus Sintra. Cross-Origin Resource Sharing (CORS) allows browsers to make cross-domain requests in a controlled manner. This request has an “Origin” header that identifies the domain making the initial request and defines the protocol between a browser and a server to see if the request is allowed. An attacker can exploit this and potentially perform privileged actions and access confidential information when Access-Control-Allow-Credentials is enabled.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-942 - Permissive Cross-domain Security Policy with Untrusted Domains
Assigner
Impacted products
Vendor Product Version
Hiberus Sintra Affected: All versions
Create a notification for this product.
Date Public
2025-10-02 12:16
Credits
Manuel Gomez Argandoña
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-41010",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-02T15:13:55.558386Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-02T15:52:28.607Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Sintra",
          "vendor": "Hiberus",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Manuel Gomez Argando\u00f1a"
        }
      ],
      "datePublic": "2025-10-02T12:16:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Incorrect Cross-Origin Resource Sharing (CORS) configuration in Hiberus Sintra. Cross-Origin Resource Sharing (CORS) allows browsers to make cross-domain requests in a controlled manner. This request has an \u201cOrigin\u201d header that identifies the domain making the initial request and defines the protocol between a browser and a server to see if the request is allowed. An attacker can exploit this and potentially perform privileged actions and access confidential information when Access-Control-Allow-Credentials is enabled."
            }
          ],
          "value": "Incorrect Cross-Origin Resource Sharing (CORS) configuration in Hiberus Sintra. Cross-Origin Resource Sharing (CORS) allows browsers to make cross-domain requests in a controlled manner. This request has an \u201cOrigin\u201d header that identifies the domain making the initial request and defines the protocol between a browser and a server to see if the request is allowed. An attacker can exploit this and potentially perform privileged actions and access confidential information when Access-Control-Allow-Credentials is enabled."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "ACTIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-942",
              "description": "CWE-942 Permissive Cross-domain Security Policy with Untrusted Domains",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-02T12:22:32.030Z",
        "orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
        "shortName": "INCIBE"
      },
      "references": [
        {
          "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/cross-origin-resource-sharing-cors-hiberus-sintra"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNo solution has been reported at this time.\u003c/span\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "No solution has been reported at this time."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Cross-origin resource sharing (CORS) in Hiberus Sintra",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
    "assignerShortName": "INCIBE",
    "cveId": "CVE-2025-41010",
    "datePublished": "2025-10-02T12:22:32.030Z",
    "dateReserved": "2025-04-16T09:08:43.217Z",
    "dateUpdated": "2025-10-02T15:52:28.607Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-30354 (GCVE-0-2025-30354)

Vulnerability from cvelistv5 – Published: 2025-04-01 14:21 – Updated: 2025-04-02 15:54
VLAI
Title
Bruno ignores Safe-Mode in Asserts expressions
Summary
Bruno is an open source IDE for exploring and testing APIs. A bug in the assertion runtime caused assert expressions to run in Developer Mode, even if Safe Mode was selected. The bug resulted in the sandbox settings to be ignored for the particular case where a single request is run/sent. This vulnerability's attack surface is limited strictly to scenarios where users import collections from untrusted or malicious sources. The exploit requires deliberate action from the user—specifically, downloading and opening an externally provided malicious Bruno collection. The vulnerability is fixed in 1.39.1.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-942 - Permissive Cross-domain Policy with Untrusted Domains
Assigner
References
Impacted products
Vendor Product Version
usebruno bruno Affected: < 1.39.1
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-30354",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-02T15:53:55.512512Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-02T15:54:07.928Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "bruno",
          "vendor": "usebruno",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.39.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Bruno is an open source IDE for exploring and testing APIs. A bug in the assertion runtime caused assert expressions to run in Developer Mode, even if Safe Mode was selected. The bug resulted in the sandbox settings to be ignored for the particular case where a single request is run/sent. This vulnerability\u0027s attack surface is limited strictly to scenarios where users import collections from untrusted or malicious sources. The exploit requires deliberate action from the user\u2014specifically, downloading and opening an externally provided malicious Bruno collection. The vulnerability is fixed in 1.39.1."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "LOCAL",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "ACTIVE",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-942",
              "description": "CWE-942: Permissive Cross-domain Policy with Untrusted Domains",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-01T14:21:39.625Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/usebruno/bruno/security/advisories/GHSA-hffg-7v8v-79j3",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/usebruno/bruno/security/advisories/GHSA-hffg-7v8v-79j3"
        }
      ],
      "source": {
        "advisory": "GHSA-hffg-7v8v-79j3",
        "discovery": "UNKNOWN"
      },
      "title": "Bruno ignores Safe-Mode in Asserts expressions"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-30354",
    "datePublished": "2025-04-01T14:21:39.625Z",
    "dateReserved": "2025-03-21T14:12:06.270Z",
    "dateUpdated": "2025-04-02T15:54:07.928Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-27909 (GCVE-0-2025-27909)

Vulnerability from cvelistv5 – Published: 2025-08-18 14:00 – Updated: 2025-08-18 14:12
VLAI
Title
IBM Concert Software cross-origin resource sharing
Summary
IBM Concert Software 1.0.0 through 1.1.0 uses cross-origin resource sharing (CORS) which could allow an attacker to carry out privileged actions as the domain name is not being limited to only trusted domains.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-942 - Permissive Cross-domain Policy with Untrusted Domains
Assigner
ibm
References
URL Tags
https://www.ibm.com/support/pages/node/7242354 vendor-advisorypatch
Impacted products
Vendor Product Version
IBM Concert Software Affected: 1.0.0 , ≤ 1.1.0 (semver)
    cpe:2.3:a:ibm:concert:1.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:concert:1.0.1:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-27909",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-18T14:12:23.680897Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-18T14:12:36.834Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:concert:1.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:concert:1.0.1:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Concert Software",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "1.1.0",
              "status": "affected",
              "version": "1.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "IBM Concert Software 1.0.0 through 1.1.0 uses cross-origin resource sharing (CORS) which could allow an attacker to carry out privileged actions as the domain name is not being limited to only trusted domains."
            }
          ],
          "value": "IBM Concert Software 1.0.0 through 1.1.0 uses cross-origin resource sharing (CORS) which could allow an attacker to carry out privileged actions as the domain name is not being limited to only trusted domains."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-942",
              "description": "CWE-942 Permissive Cross-domain Policy with Untrusted Domains",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-18T14:00:31.751Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://www.ibm.com/support/pages/node/7242354"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM Concert Software cross-origin resource sharing",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2025-27909",
    "datePublished": "2025-08-18T14:00:31.751Z",
    "dateReserved": "2025-03-10T17:14:11.136Z",
    "dateUpdated": "2025-08-18T14:12:36.834Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-25264 (GCVE-0-2025-25264)

Vulnerability from cvelistv5 – Published: 2025-06-16 09:45 – Updated: 2025-11-21 11:36
VLAI
Title
Overly Permissive CORS Policy in WAGO Device Manager
Summary
An unauthenticated remote attacker can trick an admin to visit a website containing malicious java script code. The current overly permissive CORS policy allows the attacker to obtain any files from the file system.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-942 - Permissive Cross-domain Policy with Untrusted Domains
Assigner
References
Impacted products
Vendor Product Version
WAGO CC100 0751-9x01 Affected: 0.0.0 , < 04.07.01 (FW29) (semver)
Create a notification for this product.
WAGO CC100 0751-9x01 Affected: 0.0.0 , < 04.07.01 (70 (semver)
Create a notification for this product.
WAGO PFC100 G1 0750-810x/xxxx-xxxx Affected: 0.0.0 , < 3.10.11 (FW22 Patch 2) (semver)
Create a notification for this product.
WAGO PFC100 G2 0750-811x-xxxx-xxxx Affected: 0.0.0 , < 04.07.01 (70) (semver)
Create a notification for this product.
WAGO PFC200 G1 750-820x-xxx-xxx Affected: 0.0.0 , < 3.10.11 (FW22 Patch 2) (semver)
Create a notification for this product.
WAGO PFC200 G2 750-821x-xxx-xxx Affected: 0.0.0 , < 04.07.01 (FW29) (semver)
Create a notification for this product.
WAGO PFC200 G2 750-821x-xxx-xxx Affected: 0.0.0 , < 04.07.01 (70) (semver)
Create a notification for this product.
WAGO TP600 0762-420x/8000-000x Affected: 0.0.0 , < 04.07.01 (FW29) (semver)
Create a notification for this product.
WAGO TP600 0762-420x/8000-000x Affected: 0.0.0 , < 04.07.01 (70) (semver)
Create a notification for this product.
WAGO TP600 0762-430x/8000-000x Affected: 0.0.0 , < 04.07.01 (FW29) (semver)
Create a notification for this product.
WAGO TP600 0762-430x/8000-000x Affected: 0.0.0 , < 04.07.01 (70) (semver)
Create a notification for this product.
WAGO TP600 0762-520x/8000-000x Affected: 0.0.0 , < 04.07.01 (FW29) (semver)
Create a notification for this product.
WAGO TP600 0762-520x/8000-000x Affected: 0.0.0 , < 04.07.01 (70) (semver)
Create a notification for this product.
WAGO TP600 0762-530x/8000-000x Affected: 0.0.0 , < 04.07.01 (FW29) (semver)
Create a notification for this product.
WAGO TP600 0762-530x/8000-000x Affected: 0.0.0 , < 04.07.01 (70) (semver)
Create a notification for this product.
WAGO TP600 0762-620x/8000-000x Affected: 0.0.0 , < 04.07.01 (FW29) (semver)
Create a notification for this product.
WAGO TP600 0762-620x/8000-000x Affected: 0.0.0 , < 04.07.01 (70) (semver)
Create a notification for this product.
WAGO TP600 0762-630x/8000-000x Affected: 0.0.0 , < 04.07.01 (FW29) (semver)
Create a notification for this product.
WAGO TP600 0762-630x/8000-000x Affected: 0.0.0 , < 04.07.01 (70) (semver)
Create a notification for this product.
WAGO Edge Controller 0752-8303/8000-0002 Affected: 0.0.0 , < 04.07.01 (FW29) (semver)
Create a notification for this product.
WAGO Edge Controller 0752-8303/8000-0002 Affected: 0.0.0 , < 04.07.01 (70) (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-25264",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-16T18:15:48.127204Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-16T18:15:58.245Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "CC100 0751-9x01",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "04.07.01 (FW29)",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "CC100 0751-9x01",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "04.07.01 (70",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PFC100 G1 0750-810x/xxxx-xxxx",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "3.10.11 (FW22 Patch 2)",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PFC100 G2 0750-811x-xxxx-xxxx",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "04.07.01 (70)",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PFC200 G1 750-820x-xxx-xxx",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "3.10.11 (FW22 Patch 2)",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PFC200 G2 750-821x-xxx-xxx",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "04.07.01 (FW29)",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PFC200 G2 750-821x-xxx-xxx",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "04.07.01 (70)",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TP600 0762-420x/8000-000x",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "04.07.01 (FW29)",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TP600 0762-420x/8000-000x",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "04.07.01 (70)",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TP600 0762-430x/8000-000x",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "04.07.01 (FW29)",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TP600 0762-430x/8000-000x",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "04.07.01 (70)",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TP600 0762-520x/8000-000x",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "04.07.01 (FW29)",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TP600 0762-520x/8000-000x",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "04.07.01 (70)",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TP600 0762-530x/8000-000x",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "04.07.01 (FW29)",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TP600 0762-530x/8000-000x",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "04.07.01 (70)",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TP600 0762-620x/8000-000x",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "04.07.01 (FW29)",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TP600 0762-620x/8000-000x",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "04.07.01 (70)",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TP600 0762-630x/8000-000x",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "04.07.01 (FW29)",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TP600 0762-630x/8000-000x",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "04.07.01 (70)",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Edge Controller 0752-8303/8000-0002",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "04.07.01 (FW29)",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Edge Controller 0752-8303/8000-0002",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "04.07.01 (70)",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An unauthenticated remote attacker can trick an admin to visit a website containing malicious java script code. The current overly permissive CORS policy allows the attacker to obtain any files from the file system.\u003cbr\u003e"
            }
          ],
          "value": "An unauthenticated remote attacker can trick an admin to visit a website containing malicious java script code. The current overly permissive CORS policy allows the attacker to obtain any files from the file system."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-942",
              "description": "CWE-942 Permissive Cross-domain Policy with Untrusted Domains",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-21T11:36:54.281Z",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "url": "https://certvde.com/en/advisories/VDE-2025-018/"
        }
      ],
      "source": {
        "advisory": "VDE-2025-018",
        "defect": [
          "CERT@VDE#641748"
        ],
        "discovery": "UNKNOWN"
      },
      "title": "Overly Permissive CORS Policy in WAGO Device Manager",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2025-25264",
    "datePublished": "2025-06-16T09:45:31.613Z",
    "dateReserved": "2025-02-06T12:30:08.317Z",
    "dateUpdated": "2025-11-21T11:36:54.281Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-13984 (GCVE-0-2025-13984)

Vulnerability from cvelistv5 – Published: 2026-01-28 20:02 – Updated: 2026-01-29 18:24
VLAI
Title
Next.js - Critical - Access bypass - SA-CONTRIB-2025-122
Summary
Permissive Cross-domain Security Policy with Untrusted Domains vulnerability in Drupal Next.Js allows Cross-Site Scripting (XSS).This issue affects Next.Js: from 0.0.0 before 1.6.4, from 2.0.0 before 2.0.1.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-942 - Permissive Cross-domain Security Policy with Untrusted Domains
Assigner
References
Impacted products
Vendor Product Version
Drupal Next.js Affected: 0.0.0 , < 1.6.4 (semver)
Affected: 2.0.0 , < 2.0.1 (semver)
Create a notification for this product.
Date Public
2025-12-03 18:49
Credits
Mike Decker (pookmish) Brian Perry (brianperry) Rob Decker (rrrob) Bram Driesen (bramdriesen) Greg Knaddison (greggles) Jess (xjm)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 6.1,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "CHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-13984",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-29T18:24:01.824775Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-29T18:24:28.956Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://www.drupal.org/project/next",
          "defaultStatus": "unaffected",
          "product": "Next.js",
          "repo": "https://git.drupalcode.org/project/next",
          "vendor": "Drupal",
          "versions": [
            {
              "lessThan": "1.6.4",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "2.0.1",
              "status": "affected",
              "version": "2.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Mike Decker (pookmish)"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Brian Perry (brianperry)"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Rob Decker (rrrob)"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "Bram Driesen (bramdriesen)"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "Greg Knaddison (greggles)"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "Jess  (xjm)"
        }
      ],
      "datePublic": "2025-12-03T18:49:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Permissive Cross-domain Security Policy with Untrusted Domains vulnerability in Drupal Next.Js allows Cross-Site Scripting (XSS).\u003cp\u003eThis issue affects Next.Js: from 0.0.0 before 1.6.4, from 2.0.0 before 2.0.1.\u003c/p\u003e"
            }
          ],
          "value": "Permissive Cross-domain Security Policy with Untrusted Domains vulnerability in Drupal Next.Js allows Cross-Site Scripting (XSS).This issue affects Next.Js: from 0.0.0 before 1.6.4, from 2.0.0 before 2.0.1."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-63",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-63 Cross-Site Scripting (XSS)"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-942",
              "description": "CWE-942 Permissive Cross-domain Security Policy with Untrusted Domains",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-28T20:02:22.486Z",
        "orgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
        "shortName": "drupal"
      },
      "references": [
        {
          "url": "https://www.drupal.org/sa-contrib-2025-122"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Next.js - Critical - Access bypass - SA-CONTRIB-2025-122",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
    "assignerShortName": "drupal",
    "cveId": "CVE-2025-13984",
    "datePublished": "2026-01-28T20:02:22.486Z",
    "dateReserved": "2025-12-03T17:04:25.507Z",
    "dateUpdated": "2026-01-29T18:24:28.956Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-11304 (GCVE-0-2025-11304)

Vulnerability from cvelistv5 – Published: 2025-10-05 21:02 – Updated: 2025-10-06 16:11
VLAI
Title
CodeCanyon/ui-lib Mentor LMS API cross-domain policy
Summary
A flaw has been found in CodeCanyon/ui-lib Mentor LMS up to 1.1.1. Affected by this vulnerability is an unknown functionality of the component API. Executing manipulation can lead to permissive cross-domain policy with untrusted domains. The attack may be launched remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-942 - Permissive Cross-domain Policy with Untrusted Domains
  • CWE-346 - Origin Validation Error
Assigner
References
Impacted products
Vendor Product Version
CodeCanyon Mentor LMS Affected: 1.1.0
Affected: 1.1.1
Create a notification for this product.
ui-lib Mentor LMS Affected: 1.1.0
Affected: 1.1.1
Create a notification for this product.
Credits
JaredLoo (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-11304",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-06T16:10:50.243196Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-06T16:11:03.752Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/PlsRevert/CVEs/issues/3"
          },
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/PlsRevert/CVEs/issues/3#issue-3447867888"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "API"
          ],
          "product": "Mentor LMS",
          "vendor": "CodeCanyon",
          "versions": [
            {
              "status": "affected",
              "version": "1.1.0"
            },
            {
              "status": "affected",
              "version": "1.1.1"
            }
          ]
        },
        {
          "modules": [
            "API"
          ],
          "product": "Mentor LMS",
          "vendor": "ui-lib",
          "versions": [
            {
              "status": "affected",
              "version": "1.1.0"
            },
            {
              "status": "affected",
              "version": "1.1.1"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "JaredLoo (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw has been found in CodeCanyon/ui-lib Mentor LMS up to 1.1.1. Affected by this vulnerability is an unknown functionality of the component API. Executing manipulation can lead to permissive cross-domain policy with untrusted domains. The attack may be launched remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "Es wurde eine Schwachstelle in CodeCanyon/ui-lib Mentor LMS up to 1.1.1 entdeckt. Betroffen davon ist eine unbekannte Funktion der Komponente API. Mittels dem Manipulieren mit unbekannten Daten kann eine permissive cross-domain policy with untrusted domains-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 7.5,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-942",
              "description": "Permissive Cross-domain Policy with Untrusted Domains",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-346",
              "description": "Origin Validation Error",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-05T21:02:06.131Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-327185 | CodeCanyon/ui-lib Mentor LMS API cross-domain policy",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/?id.327185"
        },
        {
          "name": "VDB-327185 | CTI Indicators (IOB, IOC)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.327185"
        },
        {
          "name": "Submit #661733 | ui-lib Mentor LMS 1.1.1 Origin Validation Error",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.661733"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://github.com/PlsRevert/CVEs/issues/3"
        },
        {
          "tags": [
            "exploit",
            "issue-tracking"
          ],
          "url": "https://github.com/PlsRevert/CVEs/issues/3#issue-3447867888"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-10-04T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-10-04T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-10-04T20:58:12.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "CodeCanyon/ui-lib Mentor LMS API cross-domain policy"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-11304",
    "datePublished": "2025-10-05T21:02:06.131Z",
    "dateReserved": "2025-10-04T18:53:08.673Z",
    "dateUpdated": "2025-10-06T16:11:03.752Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-9292 (GCVE-0-2025-9292)

Vulnerability from cvelistv5 – Published: 2026-02-13 00:21 – Updated: 2026-02-13 22:09
VLAI
Title
Permissive Web Security Policy Allows Cross-Origin Access Control Bypass on Omada Cloud Controllers
Summary
A permissive web security configuration may allow cross-origin restrictions enforced by modern browsers to be bypassed under specific circumstances. Exploitation requires the presence of an existing client-side injection vulnerability and user access to the affected web interface. Successful exploitation could allow unauthorized disclosure of sensitive information. Fixed in updated Omada Cloud Controller service versions deployed automatically by TP‑Link. No user action is required.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-942 - Permissive Cross-domain Security Policy with Untrusted Domains
Assigner
References
Impacted products
Credits
Francesco La Spina, Stanislav Dashevskyi from Forescout Technologies
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-9292",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-13T13:18:18.233135Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-13T13:18:27.891Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Omada"
          ],
          "product": "Omada Cloud Controller",
          "vendor": "TP-Link Systems Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Francesco La Spina, Stanislav Dashevskyi from Forescout Technologies"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A permissive web security configuration may allow cross-origin restrictions enforced by modern browsers to be bypassed under specific circumstances.  Exploitation requires the presence of an existing client-side injection vulnerability and user access to the affected web interface.  Successful exploitation could allow unauthorized disclosure of sensitive information.\u0026nbsp;Fixed in updated Omada Cloud Controller service versions deployed automatically by TP\u2011Link. No user action is required."
            }
          ],
          "value": "A permissive web security configuration may allow cross-origin restrictions enforced by modern browsers to be bypassed under specific circumstances.  Exploitation requires the presence of an existing client-side injection vulnerability and user access to the affected web interface.  Successful exploitation could allow unauthorized disclosure of sensitive information.\u00a0Fixed in updated Omada Cloud Controller service versions deployed automatically by TP\u2011Link. No user action is required."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-63",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-63 Cross-Site Scripting (XSS)"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 2,
            "baseSeverity": "LOW",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "HIGH",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "PASSIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-942",
              "description": "CWE-942 Permissive Cross-domain Security Policy with Untrusted Domains",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-13T22:09:17.957Z",
        "orgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
        "shortName": "TPLink"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.tp-link.com/us/support/faq/4969/"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.omadanetworks.com/us/support/faq/4969/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Permissive Web Security Policy Allows Cross-Origin Access Control Bypass on Omada Cloud Controllers",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
    "assignerShortName": "TPLink",
    "cveId": "CVE-2025-9292",
    "datePublished": "2026-02-13T00:21:24.168Z",
    "dateReserved": "2025-08-20T22:24:24.501Z",
    "dateUpdated": "2026-02-13T22:09:17.957Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-4839 (GCVE-0-2025-4839)

Vulnerability from cvelistv5 – Published: 2025-05-17 22:00 – Updated: 2025-05-19 14:34
VLAI
Title
itwanger paicoding CrossUtil.java cross-domain policy
Summary
A vulnerability has been found in itwanger paicoding 1.0.0/1.0.1/1.0.2/1.0.3 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /paicoding-core/src/main/java/com/github/paicoding/forum/core/util/CrossUtil.java. The manipulation leads to permissive cross-domain policy with untrusted domains. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-942 - Permissive Cross-domain Policy with Untrusted Domains
  • CWE-346 - Origin Validation Error
Assigner
References
Impacted products
Vendor Product Version
itwanger paicoding Affected: 1.0.0
Affected: 1.0.1
Affected: 1.0.2
Affected: 1.0.3
Create a notification for this product.
Credits
ShenxiuSecurity (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-4839",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-19T14:34:38.944208Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-19T14:34:41.960Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/ShenxiuSec/cve-proofs/blob/main/POC-20250510-02.md"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "paicoding",
          "vendor": "itwanger",
          "versions": [
            {
              "status": "affected",
              "version": "1.0.0"
            },
            {
              "status": "affected",
              "version": "1.0.1"
            },
            {
              "status": "affected",
              "version": "1.0.2"
            },
            {
              "status": "affected",
              "version": "1.0.3"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "ShenxiuSecurity (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been found in itwanger paicoding 1.0.0/1.0.1/1.0.2/1.0.3 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /paicoding-core/src/main/java/com/github/paicoding/forum/core/util/CrossUtil.java. The manipulation leads to permissive cross-domain policy with untrusted domains. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used."
        },
        {
          "lang": "de",
          "value": "In itwanger paicoding 1.0.0/1.0.1/1.0.2/1.0.3 wurde eine Schwachstelle gefunden. Sie wurde als problematisch eingestuft. Betroffen ist eine unbekannte Verarbeitung der Datei /paicoding-core/src/main/java/com/github/paicoding/forum/core/util/CrossUtil.java. Durch das Beeinflussen mit unbekannten Daten kann eine permissive cross-domain policy with untrusted domains-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie gilt als schwierig ausnutzbar. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 2.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 2.6,
            "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-942",
              "description": "Permissive Cross-domain Policy with Untrusted Domains",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-346",
              "description": "Origin Validation Error",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-17T22:00:06.221Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-309307 | itwanger paicoding CrossUtil.java cross-domain policy",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/?id.309307"
        },
        {
          "name": "VDB-309307 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.309307"
        },
        {
          "name": "Submit #574826 | itwanger paicoding from version 1.0.0 to 1.0.3 Permissive Cross-domain Policy with Untrusted Domains",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.574826"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/ShenxiuSec/cve-proofs/blob/main/POC-20250510-02.md"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-05-16T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-05-16T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-05-16T16:45:57.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "itwanger paicoding CrossUtil.java cross-domain policy"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-4839",
    "datePublished": "2025-05-17T22:00:06.221Z",
    "dateReserved": "2025-05-16T14:40:54.970Z",
    "dateUpdated": "2025-05-19T14:34:41.960Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-4542 (GCVE-0-2025-4542)

Vulnerability from cvelistv5 – Published: 2025-05-11 17:31 – Updated: 2025-05-12 12:37
VLAI
Title
Freeebird Hotel 酒店管理系统 API SessionInterceptor.java cross-domain policy
Summary
A vulnerability, which was classified as problematic, has been found in Freeebird Hotel 酒店管理系统 API up to 1.2. Affected by this issue is some unknown functionality of the file /src/main/java/cn/mafangui/hotel/tool/SessionInterceptor.java. The manipulation leads to permissive cross-domain policy with untrusted domains. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-942 - Permissive Cross-domain Policy with Untrusted Domains
  • CWE-346 - Origin Validation Error
Assigner
References
Impacted products
Vendor Product Version
Freeebird Hotel 酒店管理系统 API Affected: 1.0
Affected: 1.1
Affected: 1.2
Create a notification for this product.
Credits
ShenxiuSecurity (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-4542",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-12T12:37:46.607959Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-12T12:37:49.407Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/ShenxiuSec/cve-proofs/blob/main/POC-20250429-01.md"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Hotel \u9152\u5e97\u7ba1\u7406\u7cfb\u7edf API",
          "vendor": "Freeebird",
          "versions": [
            {
              "status": "affected",
              "version": "1.0"
            },
            {
              "status": "affected",
              "version": "1.1"
            },
            {
              "status": "affected",
              "version": "1.2"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "ShenxiuSecurity (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability, which was classified as problematic, has been found in Freeebird Hotel \u9152\u5e97\u7ba1\u7406\u7cfb\u7edf API up to 1.2. Affected by this issue is some unknown functionality of the file /src/main/java/cn/mafangui/hotel/tool/SessionInterceptor.java. The manipulation leads to permissive cross-domain policy with untrusted domains. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used."
        },
        {
          "lang": "de",
          "value": "Eine problematische Schwachstelle wurde in Freeebird Hotel \u9152\u5e97\u7ba1\u7406\u7cfb\u7edf API bis 1.2 entdeckt. Betroffen davon ist ein unbekannter Prozess der Datei /src/main/java/cn/mafangui/hotel/tool/SessionInterceptor.java. Mit der Manipulation mit unbekannten Daten kann eine permissive cross-domain policy with untrusted domains-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie ist schwierig ausnutzbar. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 2.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 2.6,
            "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-942",
              "description": "Permissive Cross-domain Policy with Untrusted Domains",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-346",
              "description": "Origin Validation Error",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-11T17:31:03.798Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-308288 | Freeebird Hotel \u9152\u5e97\u7ba1\u7406\u7cfb\u7edf API SessionInterceptor.java cross-domain policy",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/?id.308288"
        },
        {
          "name": "VDB-308288 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.308288"
        },
        {
          "name": "Submit #567214 | freeebird hotel 1.2 branch Permissive Cross-domain Policy with Untrusted Domains",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.567214"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/ShenxiuSec/cve-proofs/blob/main/POC-20250429-01.md"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-05-10T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-05-10T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-05-10T15:53:31.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Freeebird Hotel \u9152\u5e97\u7ba1\u7406\u7cfb\u7edf API SessionInterceptor.java cross-domain policy"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-4542",
    "datePublished": "2025-05-11T17:31:03.798Z",
    "dateReserved": "2025-05-10T13:48:28.434Z",
    "dateUpdated": "2025-05-12T12:37:49.407Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-4515 (GCVE-0-2025-4515)

Vulnerability from cvelistv5 – Published: 2025-05-10 20:31 – Updated: 2025-05-12 14:39
VLAI
Title
Zylon PrivateGPT settings.yaml cross-domain policy
Summary
A vulnerability, which was classified as problematic, was found in Zylon PrivateGPT up to 0.6.2. This affects an unknown part of the file settings.yaml. The manipulation of the argument allow_origins leads to permissive cross-domain policy with untrusted domains. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-942 - Permissive Cross-domain Policy with Untrusted Domains
  • CWE-346 - Origin Validation Error
Assigner
References
URL Tags
https://vuldb.com/?id.308235 vdb-entrytechnical-description
https://vuldb.com/?ctiid.308235 signaturepermissions-required
https://vuldb.com/?submit.564451 third-party-advisory
https://gist.github.com/superboy-zjc/2a727cb0c1d4… exploit
Impacted products
Vendor Product Version
Zylon PrivateGPT Affected: 0.6.0
Affected: 0.6.1
Affected: 0.6.2
Create a notification for this product.
Credits
Jiacheng Gavin Zhong Zhengyu Liu Gavin Zhong (VulDB User) Gavin Zhong (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-4515",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-12T14:39:38.291533Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-12T14:39:41.539Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://gist.github.com/superboy-zjc/2a727cb0c1d468f21a91e0416d006ffe"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "PrivateGPT",
          "vendor": "Zylon",
          "versions": [
            {
              "status": "affected",
              "version": "0.6.0"
            },
            {
              "status": "affected",
              "version": "0.6.1"
            },
            {
              "status": "affected",
              "version": "0.6.2"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Jiacheng Gavin Zhong"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Zhengyu Liu"
        },
        {
          "lang": "en",
          "type": "reporter",
          "value": "Gavin Zhong (VulDB User)"
        },
        {
          "lang": "en",
          "type": "analyst",
          "value": "Gavin Zhong (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability, which was classified as problematic, was found in Zylon PrivateGPT up to 0.6.2. This affects an unknown part of the file settings.yaml. The manipulation of the argument allow_origins leads to permissive cross-domain policy with untrusted domains. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "Es wurde eine problematische Schwachstelle in Zylon PrivateGPT bis 0.6.2 gefunden. Es betrifft eine unbekannte Funktion der Datei settings.yaml. Durch Manipulation des Arguments allow_origins mit unbekannten Daten kann eine permissive cross-domain policy with untrusted domains-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 5,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-942",
              "description": "Permissive Cross-domain Policy with Untrusted Domains",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-346",
              "description": "Origin Validation Error",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-10T20:31:04.532Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-308235 | Zylon PrivateGPT settings.yaml cross-domain policy",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.308235"
        },
        {
          "name": "VDB-308235 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.308235"
        },
        {
          "name": "Submit #564451 | PrivateGPT 0.6.2 CWE-942: Permissive Cross-domain Policy with Untrusted Domains",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.564451"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://gist.github.com/superboy-zjc/2a727cb0c1d468f21a91e0416d006ffe"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-05-09T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-05-09T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-05-09T23:52:11.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Zylon PrivateGPT settings.yaml cross-domain policy"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-4515",
    "datePublished": "2025-05-10T20:31:04.532Z",
    "dateReserved": "2025-05-09T14:54:41.437Z",
    "dateUpdated": "2025-05-12T14:39:41.539Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation
Architecture and Design Operation

Strategy: Attack Surface Reduction

Define a restrictive Content Security Policy [REF-1486] or cross-domain policy file.

Mitigation
Architecture and Design Operation

Strategy: Attack Surface Reduction

Avoid using wildcards in the CSP / cross-domain policy file. Any domain matching the wildcard expression will be implicitly trusted, and can perform two-way interaction with the target server.

Mitigation
Architecture and Design Operation

Strategy: Environment Hardening

For Flash, modify crossdomain.xml to use meta-policy options such as 'master-only' or 'none' to reduce the possibility of an attacker planting extraneous cross-domain policy files on a server.

No CAPEC attack patterns related to this CWE.