CVE-2025-24562

CVSS 3.1 Score 7.1 of 10 (high)

Details

Published Jan 24, 2025
CWE ID 352

Summary

CVE-2025-24562 is a Cross-Site Request Forgery (CSRF) vulnerability in Optimal Access Inc.'s KBucket software that enables attackers to execute Stored XSS (Cross-Site Scripting) attacks on unsuspecting users. The flaw affects KBucket versions from n/a through 4.1.6. An attacker can exploit it by tricking a user into visiting a malicious website, which can then perform unintended actions on the user's behalf, potentially leading to data theft or account takeover. Users are advised to update KBucket to a version free of this vulnerability as soon as possible.
