Home

Description

CSRF in Ercom Cryptobox administration console allows attacker to trigger some actions on behalf of a Cryptobox administrator. The attack requires the administrator to browse a malicious web site or to click a link while he has an open session on the administration console.

PUBLISHED Reserved 2025-12-08 | Published 2025-12-17 | Updated 2025-12-17 | Assigner THA-PSIRT




LOW: 0.6CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/AU:N/R:U

Problem types

CWE-352 Cross-Site Request Forgery (CSRF)

Product status

Default status
unaffected

4.0.0 (semver) before 4.37.229
affected

4.38.0 (semver) before 4.39.200
affected

References

info.cryptobox.com/doc/v4.39/4.39.en/

cve.org (CVE-2025-14266)

nvd.nist.gov (CVE-2025-14266)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.