CVE-2025-21618
CVSS 3.1 Score 7.5 of 10 (high)
Details
Published Jan 6, 2025
CWE ID 287
Summary
CVE-2025-21618 is a vulnerability affecting NiceGUI, a Python-based UI framework. Before its 2.9.1 release, NiceGUI did not distinguish between regular and incognito browsing sessions during authentication. As a result, users were inadvertently logged in to NiceGUI on all browsers, including those in incognito mode. This issue could potentially lead to privacy concerns, as unintended access to NiceGUI interfaces could result in unauthorized data viewing or manipulation. The vulnerability has been addressed in the 2.9.1 release.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share