Security Advisory

CVE-2025-60949

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-03-23 21:00:55

Last updated 2026-03-25 14:50:13

Assigner cisa-cg

State PUBLISHED

Description

Census CSWeb 8.0.1 allows "app/config" to be reachable via HTTP in some deployments. A remote, unauthenticated attacker could send requests to configuration files and obtain leaked secrets. Fixed in 8.1.0 alpha.

← Browse all CVEs View on cve.org ↗