CVE-2025-25264 - Vulnerability Details - OpenCVE

An unauthenticated remote attacker can take advantage of the current overly permissive CORS policy to gain access and read the responses, potentially exposing sensitive data or enabling further attacks.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00119.

Exploitation none

Automatable no

Technical Impact total

No data.

No data.

No data.

No data.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://certvde.com/en/advisories/VDE-2025-018/

History

Mon, 16 Jun 2025 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Mon, 16 Jun 2025 10:00:00 +0000

Type	Values Removed	Values Added
Description		An unauthenticated remote attacker can take advantage of the current overly permissive CORS policy to gain access and read the responses, potentially exposing sensitive data or enabling further attacks.
Title		Overly Permissive CORS Policy in WAGO Device Manager
Weaknesses		CWE-942
References		https://certvde.com/en/advisories/VDE-2025-018/
Metrics		cvssV3_1 `{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: CERTVDE

Published: 2025-06-16T09:45:31.613Z

Updated: 2025-07-04T07:32:47.814Z

Reserved: 2025-02-06T12:30:08.317Z

Link: CVE-2025-25264

Vulnrichment

Updated: 2025-06-16T18:15:53.456Z

NVD

Status : Awaiting Analysis

Published: 2025-06-16T10:15:19.517

Modified: 2025-06-16T12:32:18.840

Link: CVE-2025-25264

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-25264", "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "state": "PUBLISHED", "assignerShortName": "CERTVDE", "dateReserved": "2025-02-06T12:30:08.317Z", "datePublished": "2025-06-16T09:45:31.613Z", "dateUpdated": "2025-07-04T07:32:47.814Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "CC100 0751-9x01", "vendor": "WAGO", "versions": [{"lessThan": "04.07.01 (FW29)", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "CC100 0751-9x01", "vendor": "WAGO", "versions": [{"lessThan": "04.07.01 (70", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "PFC100 G1 0750-810x/xxxx-xxxx", "vendor": "WAGO", "versions": [{"lessThan": "3.10.11 (FW22 Patch 2)", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "PFC100 G2 0750-811x-xxxx-xxxx", "vendor": "WAGO", "versions": [{"lessThan": "04.07.01 (70)", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "PFC200 G1 750-820x-xxx-xxx", "vendor": "WAGO", "versions": [{"lessThan": "3.10.11 (FW22 Patch 2)", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "PFC200 G2 750-821x-xxx-xxx", "vendor": "WAGO", "versions": [{"lessThan": "04.07.01 (FW29)", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "PFC200 G2 750-821x-xxx-xxx", "vendor": "WAGO", "versions": [{"lessThan": "04.07.01 (70)", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "TP600 0762-420x/8000-000x", "vendor": "WAGO", "versions": [{"lessThan": "04.07.01 (FW29)", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "TP600 0762-420x/8000-000x", "vendor": "WAGO", "versions": [{"lessThan": "04.07.01 (70)", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "TP600 0762-430x/8000-000x", "vendor": "WAGO", "versions": [{"lessThan": "04.07.01 (FW29)", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "TP600 0762-430x/8000-000x", "vendor": "WAGO", "versions": [{"lessThan": "04.07.01 (70)", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "TP600 0762-520x/8000-000x", "vendor": "WAGO", "versions": [{"lessThan": "04.07.01 (FW29)", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "TP600 0762-520x/8000-000x", "vendor": "WAGO", "versions": [{"lessThan": "04.07.01 (70)", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "TP600 0762-530x/8000-000x", "vendor": "WAGO", "versions": [{"lessThan": "04.07.01 (FW29)", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "TP600 0762-530x/8000-000x", "vendor": "WAGO", "versions": [{"lessThan": "04.07.01 (70)", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "TP600 0762-620x/8000-000x", "vendor": "WAGO", "versions": [{"lessThan": "04.07.01 (FW29)", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "TP600 0762-620x/8000-000x", "vendor": "WAGO", "versions": [{"lessThan": "04.07.01 (70)", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "TP600 0762-630x/8000-000x", "vendor": "WAGO", "versions": [{"lessThan": "04.07.01 (FW29)", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "TP600 0762-630x/8000-000x", "vendor": "WAGO", "versions": [{"lessThan": "04.07.01 (70)", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "Edge Controller 0752-8303/8000-0002", "vendor": "WAGO", "versions": [{"lessThan": "04.07.01 (FW29)", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "Edge Controller 0752-8303/8000-0002", "vendor": "WAGO", "versions": [{"lessThan": "04.07.01 (70)", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An unauthenticated remote attacker can take advantage of the current overly permissive CORS policy to gain access and read the responses, potentially exposing sensitive data or enabling further attacks."}], "value": "An unauthenticated remote attacker can take advantage of the current overly permissive CORS policy to gain access and read the responses, potentially exposing sensitive data or enabling further attacks."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-942", "description": "CWE-942 Permissive Cross-domain Policy with Untrusted Domains", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE", "dateUpdated": "2025-07-04T07:32:47.814Z"}, "references": [{"url": "https://certvde.com/en/advisories/VDE-2025-018/"}], "source": {"advisory": "VDE-2025-018", "defect": ["CERT@VDE#641748"], "discovery": "UNKNOWN"}, "title": "Overly Permissive CORS Policy in WAGO Device Manager", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-16T18:15:48.127204Z", "id": "CVE-2025-25264", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-16T18:15:58.245Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-25264", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-06-16T18:15:48.127204Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-16T18:15:53.456Z"}}], "cna": {"title": "Overly Permissive CORS Policy in WAGO Device Manager", "source": {"defect": ["CERT@VDE#641748"], "advisory": "VDE-2025-018", "discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "WAGO", "product": "CC100 0751-9x01", "versions": [{"status": "affected", "version": "0.0.0", "lessThan": "04.07.01 (FW29)", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "WAGO", "product": "CC100 0751-9x01", "versions": [{"status": "affected", "version": "0.0.0", "lessThan": "04.07.01 (70", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "WAGO", "product": "PFC100 G1 0750-810x/xxxx-xxxx", "versions": [{"status": "affected", "version": "0.0.0", "lessThan": "3.10.11 (FW22 Patch 2)", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "WAGO", "product": "PFC100 G2 0750-811x-xxxx-xxxx", "versions": [{"status": "affected", "version": "0.0.0", "lessThan": "04.07.01 (70)", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "WAGO", "product": "PFC200 G1 750-820x-xxx-xxx", "versions": [{"status": "affected", "version": "0.0.0", "lessThan": "3.10.11 (FW22 Patch 2)", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "WAGO", "product": "PFC200 G2 750-821x-xxx-xxx", "versions": [{"status": "affected", "version": "0.0.0", "lessThan": "04.07.01 (FW29)", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "WAGO", "product": "PFC200 G2 750-821x-xxx-xxx", "versions": [{"status": "affected", "version": "0.0.0", "lessThan": "04.07.01 (70)", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "WAGO", "product": "TP600 0762-420x/8000-000x", "versions": [{"status": "affected", "version": "0.0.0", "lessThan": "04.07.01 (FW29)", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "WAGO", "product": "TP600 0762-420x/8000-000x", "versions": [{"status": "affected", "version": "0.0.0", "lessThan": "04.07.01 (70)", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "WAGO", "product": "TP600 0762-430x/8000-000x", "versions": [{"status": "affected", "version": "0.0.0", "lessThan": "04.07.01 (FW29)", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "WAGO", "product": "TP600 0762-430x/8000-000x", "versions": [{"status": "affected", "version": "0.0.0", "lessThan": "04.07.01 (70)", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "WAGO", "product": "TP600 0762-520x/8000-000x", "versions": [{"status": "affected", "version": "0.0.0", "lessThan": "04.07.01 (FW29)", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "WAGO", "product": "TP600 0762-520x/8000-000x", "versions": [{"status": "affected", "version": "0.0.0", "lessThan": "04.07.01 (70)", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "WAGO", "product": "TP600 0762-530x/8000-000x", "versions": [{"status": "affected", "version": "0.0.0", "lessThan": "04.07.01 (FW29)", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "WAGO", "product": "TP600 0762-530x/8000-000x", "versions": [{"status": "affected", "version": "0.0.0", "lessThan": "04.07.01 (70)", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "WAGO", "product": "TP600 0762-620x/8000-000x", "versions": [{"status": "affected", "version": "0.0.0", "lessThan": "04.07.01 (FW29)", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "WAGO", "product": "TP600 0762-620x/8000-000x", "versions": [{"status": "affected", "version": "0.0.0", "lessThan": "04.07.01 (70)", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "WAGO", "product": "TP600 0762-630x/8000-000x", "versions": [{"status": "affected", "version": "0.0.0", "lessThan": "04.07.01 (FW29)", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "WAGO", "product": "TP600 0762-630x/8000-000x", "versions": [{"status": "affected", "version": "0.0.0", "lessThan": "04.07.01 (70)", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "WAGO", "product": "Edge Controller 0752-8303/8000-0002", "versions": [{"status": "affected", "version": "0.0.0", "lessThan": "04.07.01 (FW29)", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "WAGO", "product": "Edge Controller 0752-8303/8000-0002", "versions": [{"status": "affected", "version": "0.0.0", "lessThan": "04.07.01 (70)", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://certvde.com/en/advisories/VDE-2025-018/"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "An unauthenticated remote attacker can take advantage of the current overly permissive CORS policy to gain access and read the responses, potentially exposing sensitive data or enabling further attacks.", "supportingMedia": [{"type": "text/html", "value": "An unauthenticated remote attacker can take advantage of the current overly permissive CORS policy to gain access and read the responses, potentially exposing sensitive data or enabling further attacks.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-942", "description": "CWE-942 Permissive Cross-domain Policy with Untrusted Domains"}]}], "providerMetadata": {"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE", "dateUpdated": "2025-07-04T07:32:47.814Z"}}}, "cveMetadata": {"cveId": "CVE-2025-25264", "state": "PUBLISHED", "dateUpdated": "2025-07-04T07:32:47.814Z", "dateReserved": "2025-02-06T12:30:08.317Z", "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "datePublished": "2025-06-16T09:45:31.613Z", "assignerShortName": "CERTVDE"}, "dataVersion": "5.1"}