CVE-2025-41010

Published 02/10/2025 13:15 · Modified 02/10/2025 19:11

Labels: CVE-2025-41010, 2025-10-02, CWE-942, [email protected]

Essential information

Published: 02/10/2025 13:15
Modified: 02/10/2025 19:11
Author:
Creator:
CVSS: 5.1 MEDIUM (v3), 5.1 MEDIUM (v4.0)
CISA KEV: No
CWE:
CVSS vector:

CVSS metrics

Description

Incorrect Cross-Origin Resource Sharing (CORS) configuration in Hiberus Sintra. CORS allows browsers to make cross-domain requests in a controlled manner. A cross-origin request carries an “Origin” header that identifies the domain making the initial request, and CORS defines the protocol between a browser and a server for deciding whether the request is allowed. An attacker can exploit this misconfiguration and potentially perform privileged actions and access confidential information when Access-Control-Allow-Credentials is enabled.

NVD status

Status: Awaiting Analysis. CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]

Affected products (CPE)

Product: hiberus / sintra
CPE: cpe:2.3:a:hiberus:sintra:*:*:*:*:*:*:*:*

References