CVE-2025-14266

CSRF in Ercom Cryptobox administration console

CVSS 0.6 LOWEPSS 0.2%CWE-352

CSRF in Ercom Cryptobox administration console allows attacker to trigger some actions on behalf of a Cryptobox administrator. The attack requires the administrator to browse a malicious web site or to click a link while he has an open session on the administration console.

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/AU:N/R:U

Productos afectados

Ercom · Cryptobox

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://info.cryptobox.com/doc/v4.39/4.39.en/#fix2