CVE-2025-41363
Description
In IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04, a configuration error has been detected in cross-origin resource sharing (CORS). Exploiting this vulnerability requires authenticating to the device and executing certain commands that can be executed with view permission.
Weakness Type (CWE)
References
Frequently Asked Questions
What is CVE-2025-41363? +
How do I check if I'm vulnerable to CVE-2025-41363? +
Related Vulnerabilities
Rob -- W / cors-anywhere instances configured as an open proxy allow unauthenticated external users to induce the server to …
Vulnerable to DNS rebinding attacks when using SSE (http://b/499408790). During the beta phase, we implemented `allowed-origins` and `allowed-hosts` flags to …
In IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04, a configuration error has been detected in cross-origin resource sharing (CORS). Exploiting this vulnerability …
claude-code-router is a powerful tool to route Claude Code requests to different models and customize any request. Due to improper …
GitLab MCP Server lets an AI agent talk directly to GitLab. Prior to 0.6.0, the HTTP transport in src/transport.ts ships …
Incorrect Cross-Origin Resource Sharing (CORS) configuration in Hiberus Sintra. Cross-Origin Resource Sharing (CORS) allows browsers to make cross-domain requests in …