CVE-2025-23776

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Jan 16, 2025

CWE ID 862

Summary

CVE-2025-23776 is a critical vulnerability affecting Thorn Technologies LLC's Cache Sniper for Nginx from versions n/a through 1.0.4.2. This issue involves missing authorization, enabling unauthorized access to cached data. Hackers can exploit this vulnerability by manipulating incorrectly configured access control security levels, potentially leading to unintended data disclosure or other malicious activities. Organizations using Cache Sniper for Nginx are advised to apply the necessary patches or upgrades to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/2haFID
https://www.cve.org/CVERecord?id=CVE-2025-23776
https://nvd.nist.gov/vuln/detail/CVE-2025-23776

Back to Vulnerability Database

CVE-2025-23776

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations