- Description: An issue was discovered in Datalust Seq before 2024.3.13545. Missing Content-Type validation can lead to CSRF when (1) Entra ID or OpenID Connect authentication is in use and a user visits a compromised/malicious site, or (2) when username/password or Active Directory authentication is in use and a user visits a compromised/malicious site under the same effective top-level domain as the Seq server. Exploitation of the vulnerability allows the attacker to conduct impersonation attacks and perform actions in Seq on behalf of the targeted user.
- Source: cve@mitre.org
- NVD status: Received
CVSS 3.1
- Type: Secondary
- Base score: 8.8
- Impact score: 5.9
- Exploitability score: 2.8
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity: HIGH
- cve@mitre.org: CWE-352
- Hype score: Not currently trending
🚨 CVE-2025-27912 🔴 HIGH (8.8) 🏢 Datalust - Seq 🏗️ 0 🔗 https://t.co/gLeHSpBMz0 🔗 https://t.co/iJYCdYU8TU #CyberCron #VulnAlert #InfoSec https://t.co/Br8YQ60OvF
@cybercronai
11 Mar 2025
CVE-2025-27912 An issue was discovered in Datalust Seq before 2024.3.13545. Missing Content-Type validation can lead to CSRF when (1) Entra ID or OpenID Connect authentication is in… https://t.co/BhgDXbKb1n
@CVEnew
11 Mar 2025
[CVE-2025-27912: HIGH] Critical CSRF vulnerability found in Datalust Seq prior to 2024.3.13545 due to missing Content-Type validation. Attacker can impersonate and perform actions on the target user's behalf. #cybersecurity, #vulnerability https://t.co/mHkstBEo3e https://t.co/SgVgv
@CveFindCom
11 Mar 2025