CVE-2025-25264 - Vulnerability Details

A low-privileged remote attacker can take advantage of the current overly permissive CORS policy to gain access and read the responses, potentially exposing sensitive data or enabling further attacks.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00124.

Exploitation none

Automatable no

Technical Impact total

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2025-18382	An unauthenticated remote attacker can take advantage of the current overly permissive CORS policy to gain access and read the responses, potentially exposing sensitive data or enabling further attacks.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://certvde.com/en/advisories/VDE-2025-018/

History

Mon, 06 Oct 2025 22:45:00 +0000

Type	Values Removed	Values Added
Description	An unauthenticated remote attacker can take advantage of the current overly permissive CORS policy to gain access and read the responses, potentially exposing sensitive data or enabling further attacks.	A low-privileged remote attacker can take advantage of the current overly permissive CORS policy to gain access and read the responses, potentially exposing sensitive data or enabling further attacks.

Mon, 16 Jun 2025 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Mon, 16 Jun 2025 10:00:00 +0000

Type	Values Removed	Values Added
Description		An unauthenticated remote attacker can take advantage of the current overly permissive CORS policy to gain access and read the responses, potentially exposing sensitive data or enabling further attacks.
Title		Overly Permissive CORS Policy in WAGO Device Manager
Weaknesses		CWE-942
References		https://certvde.com/en/advisories/VDE-2025-018/
Metrics		cvssV3_1 `{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: CERTVDE

Published: 2025-06-16T09:45:31.613Z

Updated: 2025-10-07T07:16:37.653Z

Reserved: 2025-02-06T12:30:08.317Z

Link: CVE-2025-25264

Vulnrichment

Updated: 2025-06-16T18:15:53.456Z

NVD

Status : Awaiting Analysis

Published: 2025-06-16T10:15:19.517

Modified: 2025-10-07T08:15:35.103

Link: CVE-2025-25264

Redhat

No data.

OpenCVE Enrichment

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object