CVE-2025-14266

CSRF in Ercom Cryptobox administration console

CVSS 0.6 LOWEPSS 0.2%CWE-352

CSRF in Ercom Cryptobox administration console allows attacker to trigger some actions on behalf of a Cryptobox administrator. The attack requires the administrator to browse a malicious web site or to click a link while he has an open session on the administration console.

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/AU:N/R:U

Produtos afetados

Ercom · Cryptobox

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://info.cryptobox.com/doc/v4.39/4.39.en/#fix2