CVE-2025-24555
CVSS 3.1 Score 7.1 of 10 (high)
Details
Published Jan 24, 2025
CWE ID 352
Summary
CVE-2025-24555 is a Cross-Site Request Forgery (CSRF) vulnerability affecting Subscription DNA from an unknown version up to 2.1. An attacker exploiting this issue can cause a user who is currently logged into a vulnerable Subscription DNA instance to perform actions they did not intend. This can result in unauthorized modifications to user data or account takeover. The vulnerability also allows Stored Cross-Site Scripting (XSS), potentially leading to the execution of malicious scripts within the user's browser.