CVE-2025-24555

CVSS 3.1 Score 7.1 of 10 (high)

Details

Published Jan 24, 2025
CWE ID 352

Summary

CVE-2025-24555 is a Cross-Site Request Forgery (CSRF) vulnerability affecting Subscription DNA from an unknown version up to 2.1. An attacker exploiting this issue can force unintended actions from a user, who is currently logged into a vulnerable Subscription DNA instance, by inducing them to perform actions they did not intend. This can result in unauthorized modifications to user data or account takeover. The vulnerability also allows Stored Cross-Site Scripting (XSS), potentially leading to the execution of malicious scripts within the user's browser.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share