CVE-2025-25264

Medium

An unauthenticated remote attacker can trick an admin to visit a website containing malicious java script code. The current overly…

CERTVDE·CWE-942·Published 2025-06-16

CVSS

6.5

EPSS

0.00

KEV

Exploits

cve.orgen

215 chars

An unauthenticated remote attacker can trick an admin to visit a website containing malicious java script code. The current overly permissive CORS policy allows the attacker to obtain any files from the file system.

NVDen

215 chars

NVDes

217 chars

Un atacante remoto no autenticado puede aprovechar la actual política CORS excesivamente permisiva para obtener acceso y leer las respuestas, exponiendo potencialmente datos confidenciales o posibilitando más ataques.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	6.5	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
3.1	Secondary	NVD	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N