CVE-2025-48464 - Vulnerability Details - OpenCVE

Successful exploitation of the vulnerability could allow an unauthenticated attacker to gain access to a victim’s Sync account data such as account credentials and email protection information.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00018.

Exploitation none

Automatable no

Technical Impact partial

No data.

No data.

No data.

No data.

Advisories

No advisories yet.

Fixes

Solution

Users of affected product versions are advised to update to DuckDuckGo version 5.247.0 immediately.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://tuxplorer.com/posts/dont-leave-me-outdated/
https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-097/

History

Wed, 08 Oct 2025 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 08 Oct 2025 07:00:00 +0000

Type	Values Removed	Values Added
Description		Successful exploitation of the vulnerability could allow an unauthenticated attacker to gain access to a victim’s Sync account data such as account credentials and email protection information.
Title		Exposure of Sensitive Information
Weaknesses		CWE-200
References		https://tuxplorer.com/posts/dont-leave-me-outdated/ https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-097/
Metrics		cvssV3_1 `{'score': 4.7, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N'}`

MITRE

Status: PUBLISHED

Assigner: CSA

Published: 2025-10-08T06:50:11.081Z

Updated: 2025-10-08T17:27:07.706Z

Reserved: 2025-05-22T09:41:25.401Z

Link: CVE-2025-48464

Vulnrichment

Updated: 2025-10-08T17:26:50.765Z

NVD

Status : Awaiting Analysis

Published: 2025-10-08T07:15:33.323

Modified: 2025-10-08T19:38:09.863

Link: CVE-2025-48464

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-48464", "assignerOrgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4", "state": "PUBLISHED", "assignerShortName": "CSA", "dateReserved": "2025-05-22T09:41:25.401Z", "datePublished": "2025-10-08T06:50:11.081Z", "dateUpdated": "2025-10-08T17:27:07.706Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "product": "DuckDuckGo Browser", "vendor": "DuckDuckGo", "versions": [{"status": "affected", "version": "5.246.0 and below"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Leng Kang Hao"}], "datePublic": "2025-10-08T06:49:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Successful exploitation of the vulnerability could allow an unauthenticated attacker to gain access to a victim\u2019s Sync account data such as account credentials and email protection information.\n\n<br>"}], "value": "Successful exploitation of the vulnerability could allow an unauthenticated attacker to gain access to a victim\u2019s Sync account data such as account credentials and email protection information."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4", "shortName": "CSA", "dateUpdated": "2025-10-08T06:50:11.081Z"}, "references": [{"url": "https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-097/"}, {"url": "https://tuxplorer.com/posts/dont-leave-me-outdated/"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Users of affected product versions are advised to update to DuckDuckGo version 5.247.0 immediately.\n\n<br>"}], "value": "Users of affected product versions are advised to update to DuckDuckGo version 5.247.0 immediately."}], "source": {"discovery": "UNKNOWN"}, "title": "Exposure of Sensitive Information", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-10-08T17:23:36.909136Z", "id": "CVE-2025-48464", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-08T17:27:07.706Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-48464", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-10-08T17:23:36.909136Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-08T17:26:50.765Z"}}], "cna": {"title": "Exposure of Sensitive Information", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Leng Kang Hao"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "DuckDuckGo", "product": "DuckDuckGo Browser", "versions": [{"status": "affected", "version": "5.246.0 and below"}], "defaultStatus": "unknown"}], "solutions": [{"lang": "en", "value": "Users of affected product versions are advised to update to DuckDuckGo version 5.247.0 immediately.", "supportingMedia": [{"type": "text/html", "value": "Users of affected product versions are advised to update to DuckDuckGo version 5.247.0 immediately.\n\n<br>", "base64": false}]}], "datePublic": "2025-10-08T06:49:00.000Z", "references": [{"url": "https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-097/"}, {"url": "https://tuxplorer.com/posts/dont-leave-me-outdated/"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Successful exploitation of the vulnerability could allow an unauthenticated attacker to gain access to a victim\u2019s Sync account data such as account credentials and email protection information.", "supportingMedia": [{"type": "text/html", "value": "Successful exploitation of the vulnerability could allow an unauthenticated attacker to gain access to a victim\u2019s Sync account data such as account credentials and email protection information.\n\n<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"}]}], "providerMetadata": {"orgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4", "shortName": "CSA", "dateUpdated": "2025-10-08T06:50:11.081Z"}}}, "cveMetadata": {"cveId": "CVE-2025-48464", "state": "PUBLISHED", "dateUpdated": "2025-10-08T17:27:07.706Z", "dateReserved": "2025-05-22T09:41:25.401Z", "assignerOrgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4", "datePublished": "2025-10-08T06:50:11.081Z", "assignerShortName": "CSA"}, "dataVersion": "5.1"}