CVE-2023-35817
CVSS 3.1 Score 5 of 10 (medium)
Details
Published Apr 28, 2025
Updated: Apr 29, 2025
CWE ID 918
Summary
CVE-2023-35817 is a newly disclosed vulnerability affecting DevExpress versions prior to 23.1.3. This issue permits an attacker to perform Server-Side Request Forgery (SSRF) attacks using the AsyncDownloader component. An attacker can manipulate the component to direct traffic to internal resources, potentially gaining unauthorized access to sensitive data or performing other malicious activities. The vulnerability poses a significant risk, emphasizing the importance of updating to the latest version of DevExpress to mitigate this threat.
Affected Products
- DevExpress
Affected Vendors
- DevExpress