Home

Description

The Frontier Airlines website has a publicly available endpoint that validates if an email addresses is associated with an account. An unauthenticated, remote attacker could determine valid email addresses, possibly aiding in further attacks.

PUBLISHED Reserved 2025-10-09 | Published 2025-10-23 | Updated 2025-10-27 | Assigner cisa-cg




MEDIUM: 5.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
MEDIUM: 6.9CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-204 Observable Response Discrepancy

Product status

Default status
unknown

*
affected

Credits

Yuriy Kuzma

References

www.cve.org/CVERecord?id=CVE-2025-62236 (url)

raw.githubusercontent.com/...IT/white/2025/va-25-296-01.json (url)

cve.org (CVE-2025-62236)

nvd.nist.gov (CVE-2025-62236)

Download JSON