CVE-2025-27912 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

An issue was discovered in Datalust Seq before 2024.3.13545. Missing Content-Type validation can lead to CSRF when (1) Entra ID or OpenID Connect authentication…
High CVSS: 8.8

CVE-2025-27912

An issue was discovered in Datalust Seq before 2024.3.13545. Missing Content-Type validation can lead to CSRF when (1) Entra ID or OpenID Connect authentication is in use and a user visits a compromised/malicious site, or (2) when username/password or Active Directory authentication is in use and a user visits a compromised/malicious site under the same effective top-level domain as the Seq server. Exploitation of the vulnerability allows the attacker to conduct impersonation attacks and perform actions in Seq on behalf of the targeted user.
Vendor
Datalust
Product
Seq
CWE
CWE-352
Yayın Tarihi
2025-03-11 08:15:11
Güncelleme
2025-10-10 20:19:26
Source Identifier
cve@mitre.org
KEV Date Added
-

Kategoriler

CWE-352 Seq HIGH Datalust 2025

Referanslar

https://datalust.co/seq https://github.com/datalust/seq-tickets/issues/2366