CVE-2025-24783

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published: Jan 27, 2025
Updated: Jan 28, 2025
CWE ID: 335

Summary

CVE-2025-24783: A vulnerability has been identified in Apache Cocoon's use of seeds in its Pseudo-Random Number Generator (PRNG). This issue, which affects all versions of Apache Cocoon, allows an attacker to guess continuation ids by predicting the start-up time seeds. To mitigate this risk, users can enable the "session-bound-continuations" option to ensure continuations are not shared across sessions. However, as Apache Cocoon is now retired, no official patch will be released. It's recommended that users find alternatives or restrict access to their instances to trusted users.
