CVE-2025-25264

Medium CVSS: 6.5

An unauthenticated remote attacker can trick an admin to visit a website containing malicious java script code. The current overly permissive CORS policy allows the attacker to obtain any files from the file system.

Vendor

Product

CWE

CWE-942

Yayın Tarihi

2025-06-16 10:15:19

Güncelleme

2025-11-21 12:15:46

Source Identifier

info@cert.vde.com

KEV Date Added

Kategoriler

CWE-942 MEDIUM 2025

Referanslar

https://certvde.com/en/advisories/VDE-2025-018/