CVE-2025-64781

EPSS 0.05%
Veröffentlicht 12.12.2025 05:16:11
Zuletzt bearbeitet 17.02.2026 15:14:09
Quelle vultures@jpcert.or.jp
CVE-Watchlists
Login
Unerledigt
Login

In GroupSession Free edition prior to ver5.7.1, GroupSession byCloud prior to ver5.7.1, and GroupSession ZION prior to ver5.7.1, "External page display restriction" is set to "Do not limit" in the initial configuration. With this configuration, the user may be redirected to an arbitrary website when accessing a specially crafted URL.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Groupsession ≫ Groupsession SwEditionbycloud Version < 5.7.1

Groupsession ≫ Groupsession SwEditionfree Version < 5.7.1

Groupsession ≫ Groupsession SwEditionzion Version < 5.7.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.137

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
vultures@jpcert.or.jp	5.1	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vultures@jpcert.or.jp	4.7	2.8	1.4	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

CWE-1188 Initialization of a Resource with an Insecure Default

The product initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure.

https://groupsession.jp/info/info-news/security20251208

Vendor Advisory

https://jvn.jp/en/jp/JVN19940619/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-64781

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-64781

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-64781

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-64781