CVE-2025-5410

Exploit

EPSS 0.24%
Veröffentlicht 01.06.2025 22:31:05
Zuletzt bearbeitet 25.11.2025 14:55:01
Quelle cna@vuldb.com
CVE-Watchlists
Login
Unerledigt
Login

Mist Community Edition middleware.py session_start_response cross-site request forgery

A vulnerability was found in Mist Community Edition up to 4.7.1. It has been declared as problematic. This vulnerability affects the function session_start_response of the file src/mist/api/auth/middleware.py. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.7.2 is able to address this issue. The patch is identified as db10ecb62ac832c1ed4924556d167efb9bc07fad. It is recommended to upgrade the affected component.

Betroffene Produkte Warnungen 0 Metriken 5 CWE 2 Referenzen 9

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mist ≫ Mist SwEditioncommunity Version < 4.7.2

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.24%	0.15

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
cna@vuldb.com	5.3	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cna@vuldb.com	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
cna@vuldb.com	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:P/A:N

CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://github.com/mistio/mist.api/commit/db10ecb62ac832c1ed4924556d167efb9bc07fad

Patch

https://github.com/mistio/mist-ce/releases/tag/v4.7.2

Release Notes

https://vuldb.com/?id.310750

Third Party Advisory

VDB Entry

https://vuldb.com/?ctiid.310750

VDB Entry

Permissions Required

https://vuldb.com/?submit.583532

Third Party Advisory

VDB Entry

https://github.com/Stolichnayer/mist-ce-csrf

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2025-5410

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-5410

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-5410

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-5410