3 matches found
CVE-2025-25264
An unauthenticated remote attacker can trick an admin to visit a website containing malicious java script code. The current overly permissive CORS policy allows the attacker to obtain any files from the file system...
CVE-2025-25264
creationtimestamp| type| source ---|---|--- 2025-06-16 10:33:51+00:00| seen| Telegram/rWCmDShs9kyN-Ac2IJ6oBoNksY3QzSzid5WB25gwynslFg 2025-06-16 10:39:09+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/18437 2025-06-16 10:50:27+00:00| seen|...
CVE-2025-25264
CVE-2025-25264 describes an unauthenticated remote attack against WAGO Device Manager, where an attacker can trick an admin to visit a page containing malicious JavaScript. The root cause is an overly permissive CORS policy that allows access to files on the affected system, enabling potential di...