6.1

CVE-2025-23086

EPSS 0.22%
Veröffentlicht 21.01.2025 05:15:07
Zuletzt bearbeitet 22.03.2025 14:15:16
Quelle support@hackerone.com
CVE-Watchlists
Login
Unerledigt
Login

On most desktop platforms, Brave Browser versions 1.70.x-1.73.x included a feature to show a site's origin on the OS-provided file selector dialog when a site prompts the user to upload or download a file. However the origin was not correctly inferred in some cases. When combined with an open redirector vulnerability on a trusted site, this could allow a malicious site to initiate a download whose origin in the file select dialog appears as the trusted site which initiated the redirect.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerBrave

≫

Produkt Desktop Browser

Version < 1.74.48

Version 1.74.48

Status affected

Version < 1.70.117

Version 1.70.117

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.22%	0.442

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	6.1	2.8	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

https://hackerone.com/reports/2888770

https://nvd.nist.gov/vuln/detail/CVE-2025-23086

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-23086

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-23086

EUVD