CVE-2025-25264 (GCVE-0-2025-25264)
Vulnerability from cvelistv5
Published
2025-06-16 09:45
Modified
2025-07-04 07:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-942 - Permissive Cross-domain Policy with Untrusted Domains
Summary
An unauthenticated remote attacker can take advantage of the current overly permissive CORS policy to gain access and read the responses, potentially exposing sensitive data or enabling further attacks.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-25264",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-16T18:15:48.127204Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-16T18:15:58.245Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CC100 0751-9x01",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.07.01 (FW29)",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CC100 0751-9x01",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.07.01 (70",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PFC100 G1 0750-810x/xxxx-xxxx",
"vendor": "WAGO",
"versions": [
{
"lessThan": "3.10.11 (FW22 Patch 2)",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PFC100 G2 0750-811x-xxxx-xxxx",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.07.01 (70)",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PFC200 G1 750-820x-xxx-xxx",
"vendor": "WAGO",
"versions": [
{
"lessThan": "3.10.11 (FW22 Patch 2)",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PFC200 G2 750-821x-xxx-xxx",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.07.01 (FW29)",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PFC200 G2 750-821x-xxx-xxx",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.07.01 (70)",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-420x/8000-000x",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.07.01 (FW29)",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-420x/8000-000x",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.07.01 (70)",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-430x/8000-000x",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.07.01 (FW29)",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-430x/8000-000x",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.07.01 (70)",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-520x/8000-000x",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.07.01 (FW29)",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-520x/8000-000x",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.07.01 (70)",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-530x/8000-000x",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.07.01 (FW29)",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-530x/8000-000x",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.07.01 (70)",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-620x/8000-000x",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.07.01 (FW29)",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-620x/8000-000x",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.07.01 (70)",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-630x/8000-000x",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.07.01 (FW29)",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-630x/8000-000x",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.07.01 (70)",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Edge Controller 0752-8303/8000-0002",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.07.01 (FW29)",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Edge Controller 0752-8303/8000-0002",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.07.01 (70)",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An unauthenticated remote attacker can take advantage of the current overly permissive CORS policy to gain access and read the responses, potentially exposing sensitive data or enabling further attacks."
}
],
"value": "An unauthenticated remote attacker can take advantage of the current overly permissive CORS policy to gain access and read the responses, potentially exposing sensitive data or enabling further attacks."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-942",
"description": "CWE-942 Permissive Cross-domain Policy with Untrusted Domains",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-04T07:32:47.814Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/en/advisories/VDE-2025-018/"
}
],
"source": {
"advisory": "VDE-2025-018",
"defect": [
"CERT@VDE#641748"
],
"discovery": "UNKNOWN"
},
"title": "Overly Permissive CORS Policy in WAGO Device Manager",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-25264",
"datePublished": "2025-06-16T09:45:31.613Z",
"dateReserved": "2025-02-06T12:30:08.317Z",
"dateUpdated": "2025-07-04T07:32:47.814Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-25264\",\"sourceIdentifier\":\"info@cert.vde.com\",\"published\":\"2025-06-16T10:15:19.517\",\"lastModified\":\"2025-06-16T12:32:18.840\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An unauthenticated remote attacker can take advantage of the current overly permissive CORS policy to gain access and read the responses, potentially exposing sensitive data or enabling further attacks.\"},{\"lang\":\"es\",\"value\":\"Un atacante remoto no autenticado puede aprovechar la actual pol\u00edtica CORS excesivamente permisiva para obtener acceso y leer las respuestas, exponiendo potencialmente datos confidenciales o posibilitando m\u00e1s ataques.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"info@cert.vde.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"info@cert.vde.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-942\"}]}],\"references\":[{\"url\":\"https://certvde.com/en/advisories/VDE-2025-018/\",\"source\":\"info@cert.vde.com\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-25264\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-06-16T18:15:48.127204Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-06-16T18:15:53.456Z\"}}], \"cna\": {\"title\": \"Overly Permissive CORS Policy in WAGO Device Manager\", \"source\": {\"defect\": [\"CERT@VDE#641748\"], \"advisory\": \"VDE-2025-018\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"WAGO\", \"product\": \"CC100 0751-9x01\", \"versions\": [{\"status\": \"affected\", \"version\": \"0.0.0\", \"lessThan\": \"04.07.01 (FW29)\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"WAGO\", \"product\": \"CC100 0751-9x01\", \"versions\": [{\"status\": \"affected\", \"version\": \"0.0.0\", \"lessThan\": \"04.07.01 (70\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"WAGO\", \"product\": \"PFC100 G1 0750-810x/xxxx-xxxx\", \"versions\": [{\"status\": \"affected\", \"version\": \"0.0.0\", \"lessThan\": \"3.10.11 (FW22 Patch 2)\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"WAGO\", \"product\": \"PFC100 G2 0750-811x-xxxx-xxxx\", \"versions\": [{\"status\": \"affected\", \"version\": \"0.0.0\", \"lessThan\": \"04.07.01 (70)\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"WAGO\", \"product\": \"PFC200 G1 750-820x-xxx-xxx\", \"versions\": [{\"status\": \"affected\", \"version\": \"0.0.0\", \"lessThan\": \"3.10.11 (FW22 Patch 2)\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"WAGO\", \"product\": \"PFC200 G2 750-821x-xxx-xxx\", \"versions\": [{\"status\": \"affected\", \"version\": \"0.0.0\", \"lessThan\": \"04.07.01 (FW29)\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"WAGO\", \"product\": \"PFC200 G2 750-821x-xxx-xxx\", \"versions\": [{\"status\": \"affected\", \"version\": \"0.0.0\", \"lessThan\": \"04.07.01 (70)\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"WAGO\", \"product\": \"TP600 0762-420x/8000-000x\", \"versions\": [{\"status\": \"affected\", \"version\": \"0.0.0\", \"lessThan\": \"04.07.01 (FW29)\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"WAGO\", \"product\": \"TP600 0762-420x/8000-000x\", \"versions\": [{\"status\": \"affected\", \"version\": \"0.0.0\", \"lessThan\": \"04.07.01 (70)\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"WAGO\", \"product\": \"TP600 0762-430x/8000-000x\", \"versions\": [{\"status\": \"affected\", \"version\": \"0.0.0\", \"lessThan\": \"04.07.01 (FW29)\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"WAGO\", \"product\": \"TP600 0762-430x/8000-000x\", \"versions\": [{\"status\": \"affected\", \"version\": \"0.0.0\", \"lessThan\": \"04.07.01 (70)\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"WAGO\", \"product\": \"TP600 0762-520x/8000-000x\", \"versions\": [{\"status\": \"affected\", \"version\": \"0.0.0\", \"lessThan\": \"04.07.01 (FW29)\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"WAGO\", \"product\": \"TP600 0762-520x/8000-000x\", \"versions\": [{\"status\": \"affected\", \"version\": \"0.0.0\", \"lessThan\": \"04.07.01 (70)\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"WAGO\", \"product\": \"TP600 0762-530x/8000-000x\", \"versions\": [{\"status\": \"affected\", \"version\": \"0.0.0\", \"lessThan\": \"04.07.01 (FW29)\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"WAGO\", \"product\": \"TP600 0762-530x/8000-000x\", \"versions\": [{\"status\": \"affected\", \"version\": \"0.0.0\", \"lessThan\": \"04.07.01 (70)\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"WAGO\", \"product\": \"TP600 0762-620x/8000-000x\", \"versions\": [{\"status\": \"affected\", \"version\": \"0.0.0\", \"lessThan\": \"04.07.01 (FW29)\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"WAGO\", \"product\": \"TP600 0762-620x/8000-000x\", \"versions\": [{\"status\": \"affected\", \"version\": \"0.0.0\", \"lessThan\": \"04.07.01 (70)\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"WAGO\", \"product\": \"TP600 0762-630x/8000-000x\", \"versions\": [{\"status\": \"affected\", \"version\": \"0.0.0\", \"lessThan\": \"04.07.01 (FW29)\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"WAGO\", \"product\": \"TP600 0762-630x/8000-000x\", \"versions\": [{\"status\": \"affected\", \"version\": \"0.0.0\", \"lessThan\": \"04.07.01 (70)\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"WAGO\", \"product\": \"Edge Controller 0752-8303/8000-0002\", \"versions\": [{\"status\": \"affected\", \"version\": \"0.0.0\", \"lessThan\": \"04.07.01 (FW29)\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"WAGO\", \"product\": \"Edge Controller 0752-8303/8000-0002\", \"versions\": [{\"status\": \"affected\", \"version\": \"0.0.0\", \"lessThan\": \"04.07.01 (70)\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://certvde.com/en/advisories/VDE-2025-018/\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"An unauthenticated remote attacker can take advantage of the current overly permissive CORS policy to gain access and read the responses, potentially exposing sensitive data or enabling further attacks.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"An unauthenticated remote attacker can take advantage of the current overly permissive CORS policy to gain access and read the responses, potentially exposing sensitive data or enabling further attacks.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-942\", \"description\": \"CWE-942 Permissive Cross-domain Policy with Untrusted Domains\"}]}], \"providerMetadata\": {\"orgId\": \"270ccfa6-a436-4e77-922e-914ec3a9685c\", \"shortName\": \"CERTVDE\", \"dateUpdated\": \"2025-07-04T07:32:47.814Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-25264\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-07-04T07:32:47.814Z\", \"dateReserved\": \"2025-02-06T12:30:08.317Z\", \"assignerOrgId\": \"270ccfa6-a436-4e77-922e-914ec3a9685c\", \"datePublished\": \"2025-06-16T09:45:31.613Z\", \"assignerShortName\": \"CERTVDE\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…