CVE-2025-9108 | THREATINT

Description

Affected is an unknown function of the component Login Page. The manipulation leads to improper restriction of rendered ui layers. It is possible to launch the attack remotely.

Es betrifft eine unbekannte Funktion der Komponente Login Page. Dank der Manipulation mit unbekannten Daten kann eine improper restriction of rendered ui layers-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen.

PUBLISHED Reserved 2025-08-17 | Published 2025-08-18 | Updated 2025-08-18 | Assigner VulDB

MEDIUM: 5.3CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

MEDIUM: 4.3CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R

MEDIUM: 4.3CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R

5.0AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR

Problem types

Improper Restriction of Rendered UI Layers

Product status

1.0

affected

1.1

affected

1.2

affected

1.3

affected

1.4

affected

1.5.0

affected

Timeline

2025-08-17:	Advisory disclosed
2025-08-17:	VulDB entry created
2025-08-17:	VulDB entry last update

Credits

princival (VulDB User) reporter

References

vuldb.com/?id.320430 (VDB-320430 | Portabilis i-Diario Login Page ui layer) vdb-entry

vuldb.com/?ctiid.320430 (VDB-320430 | CTI Indicators (IOB, IOC)) signature permissions-required

vuldb.com/?submit.627923 (Submit #627923 | i-diario i-diario login system 2.9 Clickjacking) third-party-advisory

cve.org (CVE-2025-9108)

nvd.nist.gov (CVE-2025-9108)

Download JSON