CVE-2025-41366

In IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04, a configuration error has been detected in cross-origin resource sharing (CORS). Exploiting…

INCIBE·CWE-942·Published 2025-06-06

CVSS

—

EPSS

0.00

KEV

Exploits

cve.orgen

303 chars

In IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04, a configuration error has been detected in cross-origin resource sharing (CORS). Exploiting this vulnerability requires authenticating to the device and executing certain commands that can only be executed with permissions higher than the view permission.

NVDen

303 chars

NVDes

310 chars

En IDF v0.10.0-0C03-03 y ZLF v0.10.0-0C03-04, se detectó un error de configuración en cross-origin resource sharing (CORS). Para explotar esta vulnerabilidad, es necesario autenticarse en el dispositivo y ejecutar ciertos comandos que solo pueden ejecutarse con permisos superiores al permiso de visualización.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
4.0	Primary	cve.org	5.1	—	—	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:L
4.0	Secondary	NVD	5.1	—	—