CVE-2025-2859

Published Mar 28, 2025

Last updated 21 hours ago

CVSS medium 6.9

Overview

Description: An attacker with network access, could capture traffic and obtain user cookies, allowing the attacker to steal the active user session and make changes to the device via web, depending on the privileges obtained by the user.
Source: cve-coordination@incibe.es
NVD status: Awaiting Analysis

Risk scores

CVSS 4.0

Type: Secondary
Base score: 6.9
Impact score: -
Exploitability score: -
Vector string: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity: MEDIUM

Weaknesses

cve-coordination@incibe.es: CWE-287

Hype score: Not currently trending

CVE-2025-2859 An attacker with access to the network where the vulnerable device is located could capture traffic and obtain cookies from the user, allowing them to steal a user's ac… https://t.co/AhsQUYPGXQ
@CVEnew
28 Mar 2025
76 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

References