fkie_cve-2025-23086
Vulnerability from fkie_nvd
Published
2025-01-21 05:15
Modified
2025-03-22 14:15
Severity ?
Summary
On most desktop platforms, Brave Browser versions 1.70.x-1.73.x included a feature to show a site's origin on the OS-provided file selector dialog when a site prompts the user to upload or download a file. However the origin was not correctly inferred in some cases. When combined with an open redirector vulnerability on a trusted site, this could allow a malicious site to initiate a download whose origin in the file select dialog appears as the trusted site which initiated the redirect.
References
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "On most desktop platforms, Brave Browser versions 1.70.x-1.73.x included a feature to show a site\u0027s origin on the OS-provided file selector dialog when a site prompts the user to upload or download a file. However the origin was not correctly inferred in some cases. When combined with an open redirector vulnerability on a trusted site, this could allow a malicious site to initiate a download whose origin in the file select dialog appears as the trusted site which initiated the redirect."
},
{
"lang": "es",
"value": "En la mayor\u00eda de las plataformas de escritorio, las versiones 1.70.x-1.73.x de Brave Browser inclu\u00edan una funci\u00f3n para mostrar el origen de un sitio en el cuadro de di\u00e1logo de selecci\u00f3n de archivos proporcionado por el sistema operativo cuando un sitio solicita al usuario que cargue o descargue un archivo. Sin embargo, en algunos casos, el origen no se dedujo correctamente. Cuando se combina con una vulnerabilidad de redireccionamiento abierto en un sitio confiable, esto podr\u00eda permitir que un sitio malicioso inicie una descarga cuyo origen en el cuadro de di\u00e1logo de selecci\u00f3n de archivos aparece como el sitio confiable que inici\u00f3 la redirecci\u00f3n."
}
],
"id": "CVE-2025-23086",
"lastModified": "2025-03-22T14:15:16.360",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-01-21T05:15:07.960",
"references": [
{
"source": "support@hackerone.com",
"url": "https://hackerone.com/reports/2888770"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Awaiting Analysis",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…