CVE-2025-4515

Medium CVSS: 5.3

A vulnerability, which was classified as problematic, was found in Zylon PrivateGPT up to 0.6.2. This affects an unknown part of the file settings.yaml. The manipulation of the argument allow_origins leads to permissive cross-domain policy with untrusted domains. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Vendor

Pribai

Product

Privategpt

CWE

CWE-346

Yayın Tarihi

2025-05-10 21:15:52

Güncelleme

2025-07-08 16:47:04

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-346 Privategpt MEDIUM Pribai 2025

Referanslar

https://gist.github.com/superboy-zjc/2a727cb0c1d468f21a91e0416d006ffe https://vuldb.com/?ctiid.308235 https://vuldb.com/?id.308235 https://vuldb.com/?submit.564451 https://gist.github.com/superboy-zjc/2a727cb0c1d468f21a91e0416d006ffe

Benzer Kayıtlar

Medium

CVE-2024-8029

An XSS vulnerability was discovered in the upload file(s) process of imartinez/privategpt v0.5.0. Attackers can upload m…

High

CVE-2024-8018

A vulnerability in imartinez/privategpt version 0.5.0 allows for a Denial of Service (DOS) attack. When uploading a file…

High

CVE-2024-12063

A Denial of Service (DoS) vulnerability exists in the file upload feature of imartinez/privategpt version v0.6.2. The vu…