216.73.216.170

CVE-2025-49004

· Published 09/06/2025 21:15 · Modified 09/06/2025 21:15

Labels: CVE-2025-49004 2025-06-09CVE-2025-49004CWE-290[email protected]

Essential information

Published
09/06/2025 21:15
Modified
09/06/2025 21:15
Author
Creator
CVSS
7.5 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS metrics

Description

Caido is a web security auditing toolkit. Prior to version 0.48.0, due to the lack of protection for DNS rebinding, Caido can be loaded on an attacker-controlled domain. This allows a malicious website to hijack the authentication flow of Caido and achieve code execution. A malicious website loaded in the browser can hijack the locally running Caido instance and achieve remote command execution during the initial setup. Even if the Caido instance is already configured, an attacker can initiate the authentication flow by performing DNS rebinding. In this case, the victim needs to authorize the request on dashboard.caido.io. Users should upgrade to version 0.48.0 to receive a patch.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
caido / caido cpe:2.3:a:caido:caido:<0.48.0:*:*:*:*:*:*:*

References