Security Advisory

CVE-2025-25264

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-06-16 09:45:31

Last updated 2025-11-21 11:36:54

Assigner CERTVDE

State PUBLISHED

Description

An unauthenticated remote attacker can trick an admin to visit a website containing malicious java script code. The current overly permissive CORS policy allows the attacker to obtain any files from the file system.

← Browse all CVEs View on cve.org ↗